The Security Table
  • Videos 71
  • Views 4,929
The STRIDE Controversy Evolution vs Extinction in Security Models
We discuss a controversial LinkedIn post claiming "Threat Modeling is Dead." While the STRIDE methodology may need updating, it remains a valuable "gateway" tool for teaching security concepts to developers without security backgrounds. We discuss how STRIDE serves as a useful categorization system, emphasize that dogmatic approaches to threat modeling are problematic, and argue that what matters most are results rather than strict adherence to any particular methodology. Our conclusion: STRIDE is still alive and relevant, but it could benefit from an update to demonstrate its continued applicability.
Views: 49

Videos

Why 100X Isn't the Answer
Views 24, 1 day ago
A good discussion today covering two different articles, the first covers CISA's list of product security "bad practices", questioning whether it provides real value or is just content marketing. Then the discussion moves onto an article about Shift Left. The group debates whether it is truly more expensive to fix design flaws versus implementation bugs, noting the difficulty of quantifying the...
We'll Be Here Until We Become Obsolete
Views 34, 21 days ago
This week we explore the multifaceted concept of obsolescence in technology, detailing its planned, unplanned, and forced forms. We delve into the security implications of outdated or unsupported devices and software, with a spotlight on cloud-connected vehicles and their vulnerabilities. We discuss architectural decisions, regulatory requirements, and real-world incidents like the OnStar hack,...
S2E29 -- Everything is boring
Views 51, 1 month ago
Is everything boring? Chris, Izar and Matt discuss why nothing seems interesting enough lately. Is the excitement of vulnerabilities and ransomware waning? The guys touch on Governance, Risk, and Compliance (GRC) in corporate auditing, the impact of ransomware and the contentious role of cyber insurance, the fading novelty of AI and its influence on security, and examine why essential security ...
S2E28 -- Experts want to Excel
Views 27, 1 month ago
What constitutes an expert in the field of threat modeling? Today Matt, Chris and Izar explore cultural references, the intricacies of threat modeling practices, and the criteria that define an expert. The discussion touches on the evolution of threat modeling, the roles of facilitators, and the importance of experience and recognition in the field. The guys humorously debate the challenge of s...
Numb to Data Breaches, and How it Impacts Security of the Average Feature
Views 24, 2 months ago
In this episode of the Security Table with Chris Romeo, Izar Tarandach, and Matt Coles, the team dives into the evolving landscape of modern security approaches. They discuss the shift from strategy to tactics, the impact of data breaches, and why people are becoming numb to such incidents. The episode also touches on the importance of understanding the business side of security and the role of...
Philosophizing Cloud Security
Views 16, 2 months ago
In this episode of the Security Table, our hosts discuss the concept of the 'Shared Fate Model' in cloud security. The conversation explores how this model builds on the shared responsibility model and the implications for cloud service providers and consumers. From robust default security measures to the historical evolution of ISPs, the discussion covers technical and philosophical aspects of...
Innovations in Threat Modeling
Views 39, 2 months ago
In this episode of The Security Table, hosts Chris Romeo, Izar Tarandach, and Matt Coles dive into the evolving concept of threat models, stepping beyond traditional boundaries. They explore 'Rethinking Threat Models for the Modern Age,' an article by author Evan Oslick. Focusing on user behavior, alert fatigue, and the role of psychological acceptability, they debate whether broader human fact...
The Illusion of Secure Software
Views 40, 3 months ago
In this episode of The Security Table Podcast, hosts Chris, Izar and Matt dive into the recent statement by CISA's Jen Easterly on the cybersecurity industry's software quality problem. They discuss the implications of her statement, explore the recurring themes in security guidelines, and debate whether the core issue is with people or technology. Join the conversation as they analyze the role...
The Intersection of Hardware and Software Security
Views 109, 3 months ago
In this episode of The Security Table, Chris, Izar, and Matt discuss an article on threat modeling in the context of hardware. They explore the intersection of hardware and software security, the importance of understanding attack surfaces, and the challenges posed by vulnerabilities in hardware components, such as speculative execution faults and the impact of supply chain security...
Computing Has Trust Issues
Views 29, 3 months ago
Join us in this episode of The Security Table as we dive into the world of cybersecurity, starting with a nostalgic discussion about our favorite security-themed movies like 'Sneakers,' 'War Games,' and 'The Matrix.' We then shift gears to explore a critical topic in modern computing: the vulnerabilities and implementation issues of Secure Boot. Discover the intricate details of key management,...
The Stages of Grief in Incident Response
Views 25, 3 months ago
Join Chris, Izar, and Matt as they sit around the Security Table to dissect and discuss the different stages of dealing with security incidents. In this episode, they explore the developer's stages of grief during an incident, and discuss a recent large-scale IT incident. They share insights from their multi-decade experience in security, analyze the fragility of current systems, and discuss th...
To SSH or not?
Views 141, 4 months ago
In this episode of 'The Security Table,' we are back from our midsummer break to discuss the OpenSSH regression vulnerability. We dig into the nuances of this race condition leading to remote code execution, explore the chain of security updates, and the role of QA in preventing such regressions. We debate the necessity of SSH in modern cloud-native environments and its alternatives. Plus, we answe...
Rethinking Security Conferences Engagement and Innovation
Views 34, 4 months ago
In this episode Chris, Matt, and Izar discuss the current state of security conferences and gatherings for professionals in the field. They discuss the value and viability of different types of gatherings, the importance of networking and community-building at events, innovative approaches to conference formats and the need for something more engaging and participatory that caters to both intro...
Privacy vs Security: Complexity at the Crossroads
Views 57, 5 months ago
In this episode of the Security Table, Chris, Izar, and Matt delve into the evolving landscape of cybersecurity. After a humorous start involving t-shirts and Frogger as a metaphor for the cybersecurity journey, the conversation shifts to the significant topic of cybersecurity being at a crossroads, as suggested by a CSO Online article. They explore the concept of moving from a product...
Security, Stories, Jazz and Stage Presence with Brook Schoenfield
Views 32, 5 months ago
Debating the CISA Secure by Design Pledge
Views 41, 5 months ago
Why Developers Will Take Charge of Security, Tests in Prod
Views 80, 5 months ago
12 Factors of Threat Modeling
Views 147, 6 months ago
XZ and the Trouble with Covert Identities in Open Source
Views 78, 6 months ago
Nobody's Going To Mess with Our STRIDE
Views 106, 7 months ago
SQLi All Over Again
Views 31, 7 months ago
How I Learned to Stop Worrying and Love the AI
Views 38, 7 months ago
Secure by Default in the Developer Toolset and DevEx
Views 57, 8 months ago
Debating the Priority and Value of Memory Safety
Views 126, 8 months ago
Selling Fear, Uncertainty, and Doubt
Views 75, 8 months ago
Prioritizing AppSec -- A Conversation Between a VP of Eng, a Product Manager, and a Security "Pro"
Views 158, 8 months ago
Villainy, Open Source, and the Software Supply Chain
Views 63, 9 months ago
Adam Shostack -- Thinking like an Attacker and Risk Management in the Capabilities
Views 85, 9 months ago
Bug Bounty Theater and Responsible Bug Bounty
Views 55, 9 months ago