Selling #AppSec Up The Chain (S03E09) – Application Security PodCast

Jim Routh joins the podcast to discuss selling #AppSec up the chain. Jim has built 5 successful software security programs in his career and serves as a CISO now. Jim shares his real-world experience with how to successfully sell #AppSec to senior management (as well as many other pieces of wisdom for running an AppSec [...]

The post Selling #AppSec Up The Chain (S03E09) – Application Security PodCast appeared first on Security Journey Podcasts.

Cyber Work
Getting started and moving up in IT and security
George McPherson, host of the “Blak Cyber” podcast, has an impressive background in IT and information security. On today’s episode, he discusses his cybersecurity journey, talks about his mentors and inspiration, and shares advice for learning cybersecurity and moving up the career ladder.
– Get your free security awareness toolkit:
– Enter code “cyberwork” to get 30 days of free training with Infosec Skills:
– View transcripts and additional episodes:
When George McPherson was pulled through the ranks and pinned as a 21-year-old Sergeant in the U.S. Army over 20 years ago, he learned two things about himself. He could accomplish anything he put his mind to, and he would always pull others up if he was in a position to do so. George prides himself on integrity, an insane work ethic, attention to detail and (his greatest super power) outside-the-box creativity. With 25 years in the technology industry, the first 18 in telecom and the last seven in cybersecurity, George has had the opportunity to work in industries such as the military, telecom, local government, healthcare and electric utility.
About Infosec
At Infosec, we believe knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with certifications and skills training. We also empower all employees with security awareness training to stay cybersafe at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations to defend themselves from cybercrime. It’s what we do every day — equipping everyone with the latest security skills and confidence to be safe online. Learn more at
32 min
Defense in Depth
Allan Alford and David Spark
Leaked Secrets in Code Repositories
All links and images for this episode can be found on CISO Series ( Secrets, such as passwords and credentials, are out in the open just sitting there in code repositories. Why do these secrets even exist in public? What's their danger? And how can they be found and removed?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest is Jérémy Thomas, CEO, GitGuardian.
Thanks to this week's podcast sponsor GitGuardian. GitGuardian empowers organizations to secure their secrets - such as API keys and other credentials - from being exposed in compromised places or leaked publicly. GitGuardian offers a threat intelligence solution focused on detecting secrets leaked on public GitHub and an automated secrets detection solution which tightly integrates with your DevOps pipeline.
On this episode of Defense in Depth, you’ll learn:
* Putting passwords and other credential information inside of code simply happens. It is done by developers for purposes of efficiency, laziness, or simply forgetting to take it out.
* Given that exposing secrets is done by developers, these secrets appear in code everywhere, most notably in public code repositories like GitHub.
* Exposed credentials can appear in SIEMs as they are being exported from the developers' code.
* There is a shared responsibility model and cloud providers do have some ability to scan code, but ultimately code you put in your programs is your responsibility.
* Scanning public code repositories should be your first step. You don't want to be adding code that has known issues.
* Next step is to scan your own code and get alerts if your developers are adding secrets (wittingly or unwittingly) in their code. If you alert in real-time, it fits naturally within the DevOps pipeline and they will improve their secure coding skills.
* Another option to deal with exposed secrets is to sidestep the problem completely and put in additional layers of security, most notably multi-factor authentication (MFA). A great idea, and yes, you should definitely include this very secure step, but it doesn't eliminate the problem. There are far too many authentication layers (many automated) for you to put MFA on everything. There will always be many moments of exposure.
29 min
Brakeing Down Security Podcast
Bryan Brake, Amanda Berlin, Brian Boettcher
2020-039-Philip Beyer-leadership- making an impact
Phil Beyer - Bio (CISO at Etsy)
Importance on books about behavioral science:
* “Thinking Fast and Slow”:
* “Predictably Irrational”:
* Influence: the Psychology of Persuasion:
* Brain at Work:
* Atomic Habits:
* Tiny Habits:
* New Leader's 100 Day Action Plan:
Podcasts:
* Manager Tools Podcast:
* Career Tools Podcast:
* Seth Godin Akimbo:
* Masters of Scale:
Concepts:
* Habit stacking
* Temptation bundling
* Availability Heuristic:
Brian’s Recommendations:
* Extremely Popular Delusions and the Madness of Crowds:
* Big 9:
Bryan’s Book Recommendations:
* Malcolm Gladwell’s Talking to Strangers:
* The Effective Manager by Mark Horstman:
* ADKAR: A Model for Change in Business, Government and our Community
Topics:
* Improved interviews online
* First 90 days as CISO
* First 90 day plan:
* Capability Assessment:
* Socratic method:
* Impacts to make
* Building rapport with new directs
* Creating a new relationship ‘budget’ with manager/board, colleagues
* Planning your strategy to make meaningful change in the org as a whole
Check out our Store on Teepub! Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email
#AmazonMusic: #Brakesec Store!: #Spotify: #Pandora: #RSS: #Youtube Channel: #iTunes Store Link: #Google Play Store: Our main site: #iHeartRadio App: #SoundCloud:
Comments, Questions, Feedback: Support Brakeing Down Security Podcast by using our #Paypal: OR our #Patreon
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : #Stitcher Network: #TuneIn Radio App:
#cybersecurity #informationsecurity #leadership #podcasts #CPEs #CISSP
57 min
Greito gyvenimo lėti pokalbiai
Urtė Karalaitė
55 Aurimas Švedas: If we try to save ourselves individually, we will let fear triumph
“The most precious thing fear can take from us is the feeling of trust in one another. Our world works because it is held together by a certain social glue: trust in one another. If we suddenly decided that each of us would try to save ourselves separately, however we could, that would be the triumph of fear,” reflects cultural historian Aurimas Švedas in the new episode. He examines the emotion of fear from various angles in the historical contexts of different periods. This time a single topic, fear, which turned out to be boundlessly wide-reaching and to leave its mark everywhere, is more than enough for the conversation. In this episode we look with our guest at how populists, the media and business exploit this intense, natural emotion, and how it shapes the habits, choices and even the self-relationship of the modern person.
Support the podcast and get episodes earlier than others ––> Patreon
Interview, editing and visuals by Urtė Karalaitė
Music: Filipe Raposo
The conversation was recorded at the Vilnius University radio station “Start FM”
The podcast is partly funded by the Press, Radio and Television Support Fund and the Benediktas Gylys Foundation.
Friends of the podcast: the portal, and the audio advertising studio “Dropaudio”.
Listen to the conversation on Spotify, iTunes, 15min Klausyk, in podcast apps and
56 min
Logical Elegance
349: Open Down to the Transistor
Drew Fustini (@pdp7) spoke with us about building Linux, RISC-V cores, and many other things. Links, so many links! Drew is a board member of the Foundation and of the Open Source Hardware Association ( He is an open source hardware designer at OSHPark (he recommends their blog!). He writes a monthly column for Hackspace Magazine, for example The Rise of the FPGA in Issue 26 and  Intro to RISC-V.  Yocto is a tool to help build a Linux distribution specific to your board and application! Bootlin offers free training material for Yocto and OpenEmbedded (as well as many other things such as Embedded Linux and Linux kernel development). Or there is a video: Buildroot vs Yocto: Differences for Your Daily Job - Luca Ceresoli at Embedded Linux Conference. Or look at Embedded Apprentice Linux Engineer ( Or maybe another video: “Yocto Project Dev Day Virtual 2020 #3: Yocto Project Kernel Lab, Hands-On, Part 1” by Trevor Woerner. RISC-V is an open source processor core. Well, cores. But you can try them out in hardware even if you don’t want to play with an FPGA. The SiSpeed Longan Nano has a GigaDevices microcontroller dev board (with an OLED on board!, more info). Did you know you can run Linux on RISC-V? The cheapest method is emulation and Renode is brilliant for that. Here is Drew using it on the train (twitter). Sipeed boards with Kendryte K210 start at only $13 and can even run Linux (tutorial). There are also affordable open hardware FPGA with free software toolchain support like the ICE40 based Icebreaker and Fomu. For a bit more money, the bigger ECP5 can run Linux. Or look at Greg Davill’s wonderful Orange Crab. For a lot more money but on silicon, the Icicle with Microchip PolarFire SoC is aimed at corporate use. Or you can produce your own physical chips. For free (for a limited time). 
See the talk from Tim Ansell - Skywater PDK: Fully open source manufacturable PDK for a 130nm process.
Drew attends a lot of conferences, here are highlights from the past:
* OHS 2020 wrist badge
* OHS 2018 epaper badge
* ELC-2018 EALE Buildroot - Thomas Petazzoni
* ELC-2018 EALE Bitbake YP - Behan Webster
* Linux on RISC-V with open hardware and open FPGA tools
* Slides for Embedded Linux Conference
* Video from FOSS North
* Linaro Connect BoF: gpio and pinctrl in Linux kernel (Slides)
* RISC-V: How an open ISA benefits hardware security (Slides) (video)
Here are some future conferences he’s planning to attend:
* Embedded Linux Conference Europe ($50) October 26-29, 2020 (Virtual)
* Yocto Project Virtual Summit ($40) October 29-30, 2020 (Virtual)
* Open Hardware Summit March 13, 2020
1 hr 14 min
The 6 Figure Developer Podcast
The 6 Figure Developer
Episode 167 – Manage Cloud Cost with Omry Hay
Omry is Co-Founder and CTO at env0, the first self-service cloud management platform for infrastructure as code (IaC) architecture.
Links
Resources
* Cost estimation open source by Anton Babenko -
* Terratag, an open source CLI tool that enables users of Terraform to automatically create and maintain tags across their entire set of AWS, Azure, and GCP resources -
* Cloud nuke - an open source project by to delete all resources in your AWS account -
* The FinOps foundation, Collaborative, Real-Time Cloud Financial Management -
* An article about cloud waste -
* Blog post about how IaC is forcing a revolution in cloud cost -
Sponsor
This episode is brought to you by Talk Python Training. The 6 Figure Developer podcast is all about leveling up your career in the tech space. Learning a little bit of Python will allow you to take your expertise and 10x it with automation, APIs, and even AI. The best place on the internet to learn Python is over at Talk Python Training. Visit to find your next level.
"Tempting Time" by Animals As Leaders used with permissions - All Rights Reserved
42 min