Decipher Security Podcast
Chris Wysopal, CTO and founder of Veracode, joins Dennis Fisher to dive into the new White House National Cybersecurity Strategy and discuss what's missing, how practical the pillars are, and when these ideas may be implemented.
Courtney Nash joins Dennis Fisher to talk about the 2022 VOID Report on incidents, why mean time to resolve is no longer a meaningful metric, whether the duration of an incident matters, and how organizations can get better at responding to and analyzing incidents.
Andrew Morris, the founder and CEO of GreyNoise, joins Dennis Fisher to talk about software liability, the evolution of the security industry, and why we're not getting better at securing our systems.
Michelle Finneran Dennedy
Michelle Finneran Dennedy, co-founder of Privacy Code and co-author of The Privacy Engineer's Manifesto, joins Dennis Fisher to talk about her new startup, her path from studying psychology to becoming the first chief privacy officer at Sun and Cisco, and what everyone gets wrong about privacy.
Chris Eng on the 2023 State of Software Security Report
Chris Eng, chief research officer at Veracode, joins Dennis Fisher to discuss the company's new State of Software Security report, whether we're getting better at fixing bugs, and the fragility of open source projects and the software supply chain.
Deciphering Home Alone
Kevin McCallister may not be a hacker or even own a computer (as far as we know), but no one embodies the hacker ethic better than he does, an eight-year-old boy left alone at Christmas who is forced to use his imagination and creativity to defend a prime target and lure his adversaries into his trap. This is Deciphering Home Alone.
Wired journalist and author Andy Greenberg joins Dennis Fisher to discuss his new book Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency, which tells the stories of the agents, academics, and security experts who tracked the admins of the Silk Road, AlphaBay, and other darknet markets through specialized blockchain tracing techniques.
Haroon Meer Returns
Haroon Meer of Thinkst joins Dennis Fisher to talk about the state of the security industry, the value of treating customers with respect, and what the economic downturn could mean for the security community.
Source Code 11/18
Welcome back to the Source Code news wrap podcast. This week, we discuss recent changes to the Emotet malware and vulnerabilities disclosed in F5 BIG-IP appliances.
Dan Lorenc, CEO and founder of Chainguard, joins Dennis Fisher to talk about supply chain security, asset inventory, Sigstore, and the challenges of helping developers write more secure code.
Source Code 11/4
Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources. This week's podcast looks at a new analysis linking Black Basta ransomware to FIN7 tools, the release of a new OpenSSL version addressing high-severity flaws and top findings about the adoption of authentication methods highlighted in the 2022 Duo Trusted Access report.
Dave Lewis, Global Advisory CISO at Cisco, talks about the top takeaways of the 2022 Duo Trusted Access Report and the driving factors behind increased adoption of WebAuthn, MFA and biometrics.
Source Code 10/28
Welcome to Source Code: Decipher's behind the scenes look at the weekly news with input from our sources. In this week's podcast, we discuss a government agency alert for healthcare providers about the Daixin group, a new FTC proposed order against Drizly and a set of voluntary performance goals for critical infrastructure organizations released by CISA.
Kelley Misata, senior director of open source at Corelight and CEO of Sightline Security, joins Dennis Fisher to talk about her road to get into security, the importance of protecting at-risk populations, and the challenges of building community in the open source world.
Source Code 10/21
In this week's Source Code news wrap podcast, we discuss a critical remote code execution flaw in certain versions of the Apache Commons Text library; recent efforts by Fortinet to encourage organizations to apply patches for a vulnerability in its products that is under attack; and a new variant of Ursnif that has been reconstructed from a banking trojan into a generic backdoor.
Martin Roesch Returns
Martin Roesch, CEO of Netography, joins Dennis Fisher to talk about the evolution of network security, protecting hybrid computing environments, and where that Snort pig couch came from.
Source Code 10/14
Welcome back to Source Code, Decipher’s weekly news wrap podcast. Highlights from this week’s security news lineup include a newly discovered flaw in some Siemens S7 PLCs, and Log4j attacks by the known Budworm threat group targeting an unnamed U.S.-based state legislature.
David Agranovich, director of threat disruption with Meta, discusses how threat groups are evolving their inauthentic behavior on social media platforms, as well as recent cyber espionage and malware activity highlighted in Meta’s adversarial reports.
Source Code 10/7
Welcome back to Source Code, Decipher’s weekly news wrap podcast. This week, new research showed the Lazarus Group leveraged a rootkit in two attacks that abused a known vulnerability in a Dell driver in order to disable various Windows monitoring features. Also this week, a new government directive required federal agencies to set up measurable processes needed to perform automated asset discovery and vulnerability detection at regular intervals. Finally, analysts released research into the Bumblebee malware loader, which is a relatively new malware loader that first emerged in March.
Juan Andres Guerrero-Saade
Dennis Fisher talks with Juan Andres Guerrero-Saade, senior director at SentinelLabs, about the investigation into the new Metador APT group that he and his colleagues unveiled at LabsCon recently.