    security risks

    Explore "security risks" with insightful episodes like "Beyond Traditional Software Security: Let's Explore the Concept of a Workflow Bill of Materials (WBOM) | A Conversation with Francesco Cipollone | Redefining CyberSecurity Podcast with Sean Martin", "Managing Risks When There Are Too Many Cooks in the Kitchen | ITSPmagazine Event Coverage: RSAC 2023 Broadcast Alley | A Conversation with Arvin Bansal and Justin Beachler | Tech Done Different Podcast With Ben Schmerler" and "5 Cybersecurity Risks & Ethical Challenges To Safeguard Client Data" from podcasts like "Redefining CyberSecurity", "ITSPmagazine", "Tech Done Different" and "No Law Firm Left Behind" and more!

    Episodes (7)

    Beyond Traditional Software Security: Let's Explore the Concept of a Workflow Bill of Materials (WBOM) | A Conversation with Francesco Cipollone | Redefining CyberSecurity Podcast with Sean Martin

    Guest: Francesco Cipollone, CEO & Founder at Phoenix Security [@sec_phoenix]

    On LinkedIn | https://www.linkedin.com/in/fracipo/

    On Twitter | https://twitter.com/FrankSEC42

    On YouTube | https://www.youtube.com/@phoenixsec

    ____________________________

    Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

    ____________________________

    This Episode’s Sponsors

    Imperva | https://itspm.ag/imperva277117988

    Pentera | https://itspm.ag/penteri67a

    ___________________________

    Episode Notes

    In this episode of Redefining CyberSecurity Podcast, host Sean Martin is joined by Francesco Cipollone from Phoenix Security for a riveting conversation on the vulnerabilities associated with using pre-made tools for website development. The dialogue revolves around the inherent security risks these tools pose, especially when used by non-technical teams like marketing.

    Francesco shares a fascinating account of discovering a potential SQL injection in a well-known CRM system. This revelation underscores the importance of input validation and the necessity of secure defaults in any tool. The discussion also brings to light the fact that many systems do not consider these potential security risks as standard, often requiring additional licenses or configurations for basic security measures.

    The conversation takes an interesting turn as they discuss a new concept of a Workflow Bill of Materials™ (WBOM)—a term coined by the host, Sean Martin, for the first time. This idea extends beyond the typical focus on software bill of materials security (which often focuses on source code, services, and APIs) to include a broader view of the tools and systems that teams use in their daily operations. The WBOM concept emphasizes the need for organizations to understand the associated risks of these tools and implement more secure practices.

    Sean and Francesco highlight the importance of threat modeling in identifying potential risks. They also discuss the challenges organizations face in ensuring security, especially when these tools are used by teams with zero security knowledge. The episode concludes with a call to action for the industry to move towards security by default and the ethical use of technology.

    This episode offers listeners an insightful look into the complexities of cybersecurity in the context of commonly used tools and systems, and the urgent need for a shift in perspective when it comes to securing these tools.

    ___________________________

    Watch this and other videos on ITSPmagazine's YouTube Channel

    Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

    📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

    ITSPmagazine YouTube Channel:

    📺 https://www.youtube.com/@itspmagazine

    Be sure to share and subscribe!

    ___________________________

    Resources

    Francesco's LinkedIn Post: https://www.linkedin.com/posts/fracipo_bit-of-a-rant-on-the-security-tax-of-certain-activity-7139650868064202753-LZ21/

    ___________________________

    To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

    https://www.itspmagazine.com/redefining-cybersecurity-podcast

    Are you interested in sponsoring an ITSPmagazine Channel?

    👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

    Managing Risks When There Are Too Many Cooks in the Kitchen | ITSPmagazine Event Coverage: RSAC 2023 Broadcast Alley | A Conversation with Arvin Bansal and Justin Beachler | Tech Done Different Podcast With Ben Schmerler

    Guests: 

    Arvin Bansal, CISO Americas, Nissan Motor Corporation [@Nissan]

    On LinkedIn | https://www.linkedin.com/in/arvinbansal/

    Justin Beachler, Director of Trust and Security at BugCrowd [@Bugcrowd]

    On LinkedIn | https://www.linkedin.com/in/justin-beachler-4781177/

    ____________________________

    Host: Ben Schmerler, Host of Tech Done Different Podcast

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/ben-schmerler

    ____________________________

    This Episode’s Sponsors

    BlackCloak | https://itspm.ag/itspbcweb

    Brinqa | https://itspm.ag/brinqa-pmdp

    SandboxAQ | https://itspm.ag/sandboxaq-j2en

    ____________________________

    Episode Notes

    The segment is going to tie into the theme of RSAC, which is "Stronger Together." Ben's idea was to get decision makers together to discuss "Managing Security Risks When There Are Too Many Cooks In The Kitchen." More importantly, the idea is to talk about how managing security is challenging in part due to the fact that there isn't really one expert, product, service, or leader who knows all there is about security, yet we have to protect ourselves from a variety of risks anyway. We want to get into how to deal with these management and leadership challenges and hopefully get into strategy.

    The panel will cover:

    • Prioritizing security risks from different security disciplines.
    • Finding the right talent to handle these diverse risks and related expertise.
    • What kinds of security management tasks make sense to outsource in order to achieve better results, and which require in house experts?
    • How do you deal with the changes in how we view managing security and where do you think this is going in the future?

    ____________________________

    For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage

    Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage?

    👉 https://itspm.ag/rsac23sp

    Are you interested in sponsoring an ITSPmagazine Channel?

    👉 https://www.itspmagazine.com/podcast-series-sponsorships

    Be sure to share and subscribe!

    5 Cybersecurity Risks & Ethical Challenges To Safeguard Client Data

    Join Jim Gast and guest Paul Unger to explore the ethical and security challenges of modern-day legal practices.
    Discover safe storage practices for confidential data and gain valuable insights on safeguarding client privacy.
    We'll also delve into the latest security risks and how to protect your client data.
    Stay ahead of the game and learn how to navigate the ever-evolving cybersecurity landscape in the legal profession.

    No Law Firm Left Behind is made possible by our friends at SpliceNet Consulting
    Connect with Jim Gast: https://www.linkedin.com/in/jamesgast
    Find our past shows: https://www.splice.net/nolawfirmleftbehind

    Inside the Capitol Attack: Unpacking Tucker Carlson's Controversial Footage

    In this episode, we discuss the recent controversy surrounding the footage aired by Tucker Carlson on Fox News regarding the January 6, 2021 US Capitol attack. We analyze the footage and its implications, including the portrayal of Capitol Police Officer Brian Sicknick and the QAnon Shaman. We also discuss the potential security risks associated with the release of all Capitol security footage, and the differing opinions on the role of Democrats, the medical examiner, and Trump supporters in the attack.

    Episode 158: Digital Security with Michael Buckbee

    What do we need to know about digital security as website owners and SaaS founders? Our guest today is Michael Buckbee, the founder of Expedited Security. We talk about different aspects of security online: top risks, TLS/SSL, encryption, VPNs, bug bounties, and much more.

    Podcast feed: subscribe to https://feeds.simplecast.com/4MvgQ73R in your favorite podcast app, and follow us on iTunes, Stitcher, or Google Play Music.

    Show Notes

    Today's Sponsor

    This episode is brought to you by Lightmatter. Have you ever wondered how top companies ship new features so quickly? Or have you ever struggled to get that awesome UX and UI you were going for? That’s where Lightmatter comes in. They act as a direct extension of design and development teams at some of the world’s top companies. Whether your company needs a new brand, website, or app, they can help. Check them out at lightmatter.com/uibreakfast to learn more.

    Interested in sponsoring an episode? Learn more here.

    Leave a Review

    Reviews are hugely important because they help new people discover this podcast. If you enjoyed listening to this episode, please leave a review on iTunes. Here's how.

    © 2024 Podcastworld. All rights reserved
