Shannon Lietz

Shows

IANS Cyber Intel
Security Briefing: Verizon DBIR 2025 Highlights, Mobile Security, Darcula GenAI Concerns
April 30th, 2025 Security Briefing with IANS Faculty Dave Shackleford and Shannon Lietz
This Episode Details:
Verizon DBIR 2025: In this year’s version of the Verizon Data Breach Investigations Report (DBIR), there were several main takeaways.
State of Mobile Security 2025: With adversaries' growing interest in mobile attack vectors, this year’s State of Mobile Security report by NowSecure introduces a need to help users understand that they should minimize what they add to their phones.
Darcula Gets GenAI Features: Netcraft researchers have documented the extension of Darcula with GenAI features, reducing the barrier to entry for attackers looking to create the...
2025-04-30, 30 min

The Elephant in AppSec
Security IDE Plugins: Can They Really Boost Your Coding Security? ⎜Jamie Scott
Today, I'm joined by Jamie Scott, a recovering cybersecurity practitioner turned founding product manager at Endor Labs. Previously, Jamie served as Product Manager of Security at Redis, where he was an active open-source contributor, and as DevSecOps Manager at Cygna Healthcare. Jamie is also a Certified Information Systems & Cloud Security Professional and continues to contribute to the cybersecurity community. He co-authored several benchmarks and volunteers as a consultant for the Center for Internet Security. In this episode, we dive into the topic of IDE plugins: Do they help you...
2025-04-18, 40 min

IANS Cyber Intel
Security Briefing: Azure DDoS Attack, Cloudflare Malware Delivery, DNS Poisoning
August 7th, 2024 Security Briefing with IANS Faculty Dave Shackleford and Shannon Lietz
This Episode Details:
Azure’s DDoS Outage - Microsoft experienced a major outage in its Azure service at the end of July, which it later attributed to an ongoing DDoS attack.
Numerous Azure and M365 services were impacted, including Entra, Intune, Purview, Azure Policy and more.
Malware Delivery via Cloudflare Tunnels - Cloudflare Tunnels (similar to VPN tunnels from Cloudflare) have been heavily involved in malware dissemination campaigns. Numerous actors have used these through the TryCloudflare free service to distribute remote access trojans (RATs) like Venom...
2024-08-07, 29 min

IANS Cyber Intel
Security Briefing: Twilio Authy Breach, Rockwell Automation PanelView Flaws, HealthEquity Data Exposed
July 10th, 2024 with IANS Faculty Jessica Hebenstreit and Shannon Lietz
This Episode Details:
Phone Numbers Leaked in Twilio Breach - On July 1, 2024, Twilio posted a security alert on their site indicating the Authy service had a security incident following an announcement by the ShinyHunters hacking group in late June on BreachForums where they disclosed the leaked data for 33M Authy users.
Critical Vulnerabilities in Rockwell Automation PanelView Plus - The Microsoft Defender for IoT research team was able to identify and surface vulnerabilities in PanelView Plus, determined during an investigation where application behavior and th...
2024-07-10, 28 min

AI the Law & You
Voice Actors Sue Lovo after hearing their own voices in a podcast they never recorded
We've got two representative plaintiffs that purport to essentially represent a group of similarly situated people. And in this case, they talk about potentially hundreds, if not thousands of similarly situated actors. The first question I have is, is to what extent do these two actors, pursuant to their SAG agreement, have the right to sue um, in light of the claims? In other words, they're members of a union. They are represented by that union, and typically the union steps in for them to advocate their professional position.
This is a claim that, that, as I re...
2024-05-28, 31 min

AI the Law & You
AWS Whistleblower says Amazon is Ignoring its own AI Policies
From Shannon Lietz: For companies that are starting to adopt things like AI, and Copilot, and ChatGPT, and LLAMA, and you name whatever LLM that's out there, Are they evaluating their policies with relationship to how data gets used? My perspective is, if you're going to bring in public data, or you're going to bring in copyrighted materials, note that because it could be a concern. It could end up in something that does get flagged for future lawsuits.
From Mark Miller: In today’s episode, Joel, Shannon and I discuss a case where an employee at AW...
2024-05-21, 22 min

AI the Law & You
The Story Behind the Google Fine by the French Competition Authority
From Joel MacMull: The French competition authority last week said the tech giant, Google, failed to negotiate fair licensing deals with media outlets and did not tell them it was using their articles to train its chatbot. And as a consequence, it fined Google about 270 million US dollars. The fine was in Euros, but that's roughly what we're dealing with in terms of a conversion rate. So it's not nothing, but also for one of the largest tech companies in the world, it's, it's, you know, certainly not going to make a material difference to their bottom...
2024-04-26, 16 min

AI the Law & You
Air Canada: Chatbot is a legal entity responsible for its own actions
In today’s episode, we talk about how Air Canada tried to defend itself in court by contending that the chatbot on its company site is its own entity and is separate from Air Canada. A lot of the “fun” in this case is the absurdity of the defense. However, it’s a good case for thought experiments, thinking about the near term future of AI and who ultimately is responsible for its output. While prepping for this call, I really did dig into the case here because of the absurdity of it in my mind.
Joel, give us a...
2024-03-05, 30 min

AI the Law & You
Introducting AI host, AILAH: The George Carlin deepfake video case. Is it defensible?
In today's episode, we investigate a case featuring a deep fake of a George Carlin comedy routine. We're also adding a new host, the voice of AILAH, an AI engine who will be giving us real time responses to questions within the discussion. Shannon and I were intrigued by some of the ideas AILAH came up with, which moved our thoughts in a direction different from where we originally intended. Adding eyelid to the mix turned in. Adding AILAH to the mix turned this into a very interesting discussion. Mark: "AILAH, give us an overview...
2024-02-23, 23 min

It's 5:05! Daily cybersecurity and open source briefing
POV Friday: Recent large-scale Microsoft breach.
It's February 9, 2024 and time for Point of View Friday where we cover a single topic from multiple perspectives. Today's point of discussion is the recent large-scale Microsoft breach. We have perspectives from Trac Bannon in Camp Hill, Pennsylvania, Olimpiu Pop in Transylvania, Romania and Shannon Lietz in San Diego, California. We'll start with Katy Craig also in San Diego, connecting the dots between the HPE breach and Microsoft. Resources and 300+ episodes, all free, all ungated: https://505updates.com/
2024-02-09, 12 min

AI the Law & You
The Legal Confusion between AI and Generative AI in the Courts
You are listening to AI, the Law and You, a show where a lawyer, a layman, and a technologist discuss the current state of AI in court filings and the court's response to those filings. These are not scripted talking points. What you hear are real conversations between Joel MacMull (the lawyer), Shannon Lietz (the technologist), and Mark Miller (the layman). In today's episode, we discussed the confusion in the court system about the differences between AI and Generative AI.
We'll start with Joel giving a brief overview of the current state of AI in the courts. ...
2024-01-30, 22 min

AI the Law & You
AI Copyright Law for Non-Humans, with Joel MacMull, Shannon Lietz, and Mark Miller
In today's episode, we examine the case of Steven Thaler trying to copyright protect a piece of artwork generated by his instructions to an AI creation engine. We'll start with Joel's overview of the case. The Thaler case is interesting for a couple of reasons. One is obviously that it deals with AI, but it is also an extension of existing legal principles. I mean, the long and short of it is, was that Stephen Thaler applied for a copyright with the Copyright Office. He indicated that he was the claimant, but that the author was essentially...
2024-01-16, 24 min

It's 5:05! Daily cybersecurity and open source briefing
PoV Friday: 2024 Predictions for AI and Cyber Legislation with Trac Bannon, Edwin Kwan, Olimpiu Pop, and Shannon Lietz
It's January 12th, 2024, and time for Point of View Friday, where we cover a single topic from multiple perspectives. Today's point of discussion is what does the future look like for AI and cyber legislation? We have perspectives from Edwin Kwan in Sydney, Australia, Trac Bannon and Camp Hill, Pennsylvania, Olympia Pop from Transylvania, Romania. We'll begin with Shannon Lietz in San Diego, California on the Win, Lose or Draw when considering cyber legislation. Resources and 300+ episodes, all free, all ungated: https://505updates.com/
2024-01-12, 12 min

AI the Law & You
Who is Culpable when Michael Cohen Feeds Bogus Citations to his Legal Counsel?
In today’s episode, we examine the case against Michael Cohen, former Trump legal advisor, whose own counsel was exposed in a New York Times article on December 29, 2023, for using ChatGPT, non-existence legal citations in a court filing.
The interesting twist to the story is that Cohen, himself, provided those citations to his counsel. I’ll let lawyer Joel MacMull explain the details, before technologist Shannon Lietz and I jump to add our thoughts on the case. Background: Michael Cohen gave his then lawyer, some fictitious citations that he had identified from Google BARD, that of course were...
2024-01-09, 25 min

It's 5:05! Daily cybersecurity and open source briefing
PoV Friday: 2024 Predictions for AI with Edwin Kwan, Trac Bannon, Olimpiu Pop and Shannon Lietz
From @Sourced Network Productions, It's 5:05!, the Podcast , with your daily cybersecurity and opensource news headlines. 🎙️ Free, ungated access to 300+ episodes of “It’s 5:05!” on your favorite podcast platforms: bit.ly/505-updates
It’s January 5, 2024, and time for Point of View Friday, where we cover a single topic from multiple perspectives. Today’s point of discussion is “What does the near future look like for AI, what should you consider when utilizing AI for your personal use or business solution?” Today’s contributors are Trac Bannon from Camp Hill Pennsylvania, Olimpiu Pop from Transylvania Romania, Shannon Lietz from San Diego...
2024-01-05, 15 min

It's 5:05! Daily cybersecurity and open source briefing
Episode #304: Edwin Kwan: Google Chrome Safety Check Feature Enhancements; Shannon Lietz: EU CRA: Win | Lose | Draw; Olimpiu Pop: Year in Review: Ukraine and the cyberwar; Marcel Brown: This Day in Tech History
Free, ungated access to all 300+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value.
The stories we’re covering today.
Marcel Brown: December 31st, 1999. The world waits in anticipation of the year 2000 and the potential disasters that might be brought about by the Y2K bug.
Just for fun, I set up my home with a remote control to turn off all the lights in my house and the TV our friends would be watching at our New Year's Eve party. Seconds after mid...
2023-12-29, 14 min

It's 5:05! Daily cybersecurity and open source briefing
Special Report: POV Friday - Four Opinions on the EU AI Act.
From Sourced Network Productions, It's 5:05!, the Podcast , with a special report on the EU AI Act. It’s Point of View Friday, featuring Trac Bannon, Katy Craig, Shannon Lietz, and Olimpiu Pop, with their perspectives on the release of the EU AI Act. We’ll start with Katy Craig.
Katy Craig: Today, we’re diving into a significant milestone in AI regulation: the European Union’s recent passing of the AI Act. This legislation is set to shape how AI is used across industries, but it also raises questions about potential, unintended consequences.
Trac Bannon: The EU i...
2023-12-17, 12 min

It's 5:05! Daily cybersecurity and open source briefing
Episode #295: Edwin Kwan: Apple Beta Testing Stolen Device Protection Feature; Marcel Brown: This Day in Tech History; Katy Craig: EU AI Act: Significant Milestone in AI Regulation; Trac Bannon: EU AI Act: Does it Leave U.S. in the Dust?; Shannon Lietz: EU AI Act: Win, Lose, or Draw?; Olimpiu Pop: EU AI Act: A Baseline for Regulation
Free, ungated access to all 295+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value.
The stories we’re covering today.
Marcel Brown: December 16, 2003. The CAN SPAM Act of 2003 is signed into United States law. Passed in an attempt to control the growing deluge of junk email, the law's effectiveness is dubious at best.
Especially considering political spam is exempt from the law.
Edwin Kwan: Apple will soon be introducing a stolen device protection feature, which is aimed at enhancing security if an...
2023-12-15, 17 min

It's 5:05! Daily cybersecurity and open source briefing
Special Report: Point of View Friday - Four Opinions on the OWASP BOM Maturity Model, with Trac Bannon, Katy Craig, Shannon Lietz, and Olimpiu Pop
From @Sourced Network Productions, @It's 5:05!, the Podcast , with a special report on the release of the OWASP BOM Maturity Model. It’s Point of View Friday, featuring Trac Bannon, Katy Craig, Shannon Lietz, and Olimpiu Pop, with their perspectives on the release of the BOM Maturity Model by the OWASP Foundation. We’ll start with Trac Bannon.
🎙️ Free access to 280+ episodes of “It’s 5:05!” on your favorite #podcast platforms: bit.ly/505-updates
2023-12-10, 10 min

It's 5:05! Daily cybersecurity and open source briefing
Episode #290: Edwin Kwan: Bluetooth Authentication Bypass Vulnerability in Apple and Linux; Marcel Brown: This Day in Tech History; Trac Bannon: OWASP BOM Maturity Model: Is It Valuable?; Katy Craig: OWASP BOM Maturity Model: A Benefit for Consumers; Olimpiu Pop: OWASP BOM Maturity Model: Is it too soon?; Shannon Lietz: OWASP BOM Maturity Model: Win, Lose, or Draw?
Free, ungated access to all 290+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value.
The stories we’re covering today.
Marcel Brown: December 8th, 1975. Paul Terrell opens the Byte Shop in Mountain View, California, one of the first retail computer stores in the world.
Paul Terrell and the Byte Shop are most famously known for ordering the first 50 computers from Steve Jobs and Steve Wozniak's fledgling Apple Computer Company in 1976.
Edwin Kwan: A Bluetooth authentication bypass vulnerability has been discovered to be im...
2023-12-08, 17 min

It's 5:05! Daily cybersecurity and open source briefing
Special Report: POV Friday with Shannon Lietz - OpenAI and Microsoft: Win, Lose, or Draw?
Hi, this is Shannon Lietz from San Diego, California. With all the brouhaha going on with Sam Altman and OpenAI, there's a lot to unpack and digest. A few things for all of us. When OpenAI, not yet a year ago, released its ChatGPT to the world, a fabulous capability if you ask me, it was pretty obvious at the time that they were chasing adoption and velocity as a brand new organization entering into the market. I say that because most folks know that there's sort of a chase for go to market. When...
2023-11-24, 03 min

It's 5:05! Daily cybersecurity and open source briefing
Episode #280: Edwin Kwan, Australia Shelves Plan To Ban Ransomware Payments; Trac Bannon, OpenAI:Should Camelot Be Restored?; Katy Craig, Sam Altman's Triumphant Return; Shannon Lietz, OpenAI and Microsoft: Win, Lose, or Draw?; Olimpiu Pop, OpenAI Opened the Window to the Future.
🎙️ Free, ungated access to all 280+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates.
Marcel Brown: November 25, 2002. Digital media software company, Roxio, purchases the assets of the former Napster, including name, logo, domain name, technology portfolio, and other intellectual property. Roxio was the first company to attempt to use the Napster brand for a music service, renaming PressPlay as Napster 2.0.
Edwin Kwan: The Australian government has shelved plans to ban ransomware payments to cybercriminal groups for at least two years.
The government had put the question to the industry in...
2023-11-24, 19 min

It's 5:05! Daily cybersecurity and open source briefing
Episode #275: Edwin Kwan: Popular WordPress Plugin Exposes over 600K to Attacks; Marcel Brown: This Day in Tech History; Katy Craig: EU AI Act; Shannon Lietz: The AI Act; Olimpiu Pop: To Regulate Or Not To Regulate AI in EU
Free, ungated access to all 275+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value.
The stories we’re covering today.
Marcel Brown: November 17th, 1970. Douglas Engelbart receives a U.S. patent for his XY Position Indicator for a display system, more commonly known as the computer mouse. Engelbart called his device a mouse because the cord looked like a tail.
Edwin Kwan: A popular WordPress plugin has been discovered to be vulnerable to a high-severity vulnerability. There are currently more than 600...
2023-11-17, 14 min

It's 5:05! Daily cybersecurity and open source briefing
Episode #265: Edwin Kwan: Who Should Bear the Cost of Invoice Scam?; Marcel Brown: This Day in Tech History; Olimpiu Pop: DORA Metrics - an agile, emotionally safe culture is the way; Shannon Lietz: Security in the DORA Report ; Nathen Harvey: Insights on AI in the DORA Report
Free, ungated access to all 265+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value.
The stories we’re covering today.
Marcel Brown: November 3rd, 1957. The Soviet Union launches Sputnik the second spacecraft launched into Earth orbit and the first spacecraft to carry a living creature into orbit.
Laika, the Siberian Husky dog, unfortunately only survived a few hours into the flight and died from stress and overheating.
Edwin Kwan: Who should bear the cost of invoice scam? The victim, the company the...
2023-11-03, 17 min

It's 5:05! Daily cybersecurity and open source briefing
Episode #260: Edwin Kwan: OAuth Implementation Flaw Allowing Account Takeover; Marcel Brown: This Day in Tech History; Katy Craig: HTTP/2 RapidReset Attack; Olimpiu Pop: HTTP/2 RapidReset: Zero-day Vulnerability; Shannon Lietz: RapidReset: How Critical is It
Free, ungated access to all 260+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value.
The stories we’re covering today.
Marcel Brown: October 28th, 1998. US president Bill Clinton signs into law the Digital Millennium Copyright Act, or DMCA. The law is intended to criminalize production and dissemination of technology designed to circumvent digital copyright protection, known as Digital Rights Management, or DRM.
Edwin Kwan: Security researchers discovered critical misconfiguration flaws in the implementation of the Open Authorization or OAuth standard by three p...
2023-10-27, 16 min

It's 5:05! Daily cybersecurity and open source briefing
Episode #255: Edwin Kwan: Top Password Used By IT Admins is ‘admin’; Hillary Coover: Is X's Anti-Disinformation Tool Backfiring; Shannon Lietz: Is Hashicorp’s Move a Win, Lose, or Draw; Olimpiu Pop: Is Open Source Reaching EOL? Maybe, according to Hashicorp; Marcel Brown: This Day in Tech History
Free, ungated access to all 255+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value.
The stories we’re covering today.
Marcel Brown: October 21st, 1879.
Thomas Edison perfects the first commercially practical incandescent light bulb using a filament of carbonized cotton thread. Edison's successful design came only after he had tested over 6,000 different vegetable fibers.
Edwin Kwan: Security researchers have discovered that IT administrators are using weak passwords to protect access to portals, providing easy access to attackers to enterprise networks. An a...
2023-10-20, 13 min

It's 5:05! Daily cybersecurity and open source briefing
Episode #250: ChatGPT’s maker OpenAI is thinking about making AI chips; Curl Patches Worst Security Flaw in Ages; Is OpenAI the Next Google
🎙️ Free, ungated access to all 235+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. ♻️ You’re welcome to repost if your followers will find this of value.
The stories we're covering today.
Marcel Brown: October 13th, 1983. Ameritech Mobile Communications executive, Bob Barnett, makes a phone call from a car parked near Soldier Field in Chicago, officially launching the first cellular network in the United States.
Edwin Kwan: Patches have been released for two security vulnerabilities affecting the Curl data transfer library, one of which could potentially result in code execution.
Katy Craig: OpenAI, a leading AI...
2023-10-13, 12 min

Security Weekly Podcast Network (Audio)
Software Trust & Adversaries, Developer-Focused Security - Shannon Lietz, Melinda Marks - ASW #246
Infosec is still figuring out useful metrics, how to talk about risk, and how to make resilience more relevant. Shannon talks about a new community effort to measure software trust. She also covers threat modeling and adversary management as steps towards determining an org's resiliency and security.
Segment Resources: https://community.ravemetrics.com
Melinda will share results from her study last year on developer-focused security, "Walking the Line: Shift Left and GitOps Security" and discuss trends to help security keep up with modern software development.
Segment Resources: ESG Complete Survey Results: Walking the Line: GitOps a...
2023-07-11, 1h 16

Application Security Weekly (Audio)
Software Trust & Adversaries, Developer-Focused Security - Shannon Lietz, Melinda Marks - ASW #246
Infosec is still figuring out useful metrics, how to talk about risk, and how to make resilience more relevant. Shannon talks about a new community effort to measure software trust. She also covers threat modeling and adversary management as steps towards determining an org's resiliency and security.
Segment Resources: https://community.ravemetrics.com
Melinda will share results from her study last year on developer-focused security, "Walking the Line: Shift Left and GitOps Security" and discuss trends to help security keep up with modern software development.
Segment Resources: ESG Complete Survey Results: Walking the Line: GitOps a...
2023-07-11, 1h 16

Application Security Weekly (Video)
Software Trust & Adversaries - Shannon Lietz - ASW #246
Infosec is still figuring out useful metrics, how to talk about risk, and how to make resilience more relevant. Shannon talks about a new community effort to measure software trust. She also covers threat modeling and adversary management as steps towards determining an org's resiliency and security.
Segment resources: https://community.ravemetrics.com
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-246
2023-07-11, 34 min

Real Technologists
Real Technologists: Shannon Lietz
My friend and mentor, Mark Miller, recently introduced me to Shannon Lietz. She joined our global journalist pool for a cybersecurity and open source podcast called "It's 5:05." Mark gushed about Shannon going as far as saying, Shannon coined the term DevSecOps. Okay. To be fair, everyone knows Patrick Debaux coined DevOps, but neither Google nor ChatGPT agreed on where the term DevSecOps originated. That being said, I did find out that Shannon has been wildly active on the DevSecOps scene going back to 2015. At the time. She took on responsibility for introducing DevSecOps to Intuit an...
2023-06-28, 22 min

It's 5:05! Daily cybersecurity and open source briefing
Episode #158 - KeePass Releases Vulnerability Fix, CISA Orders MOVEit Bug Patch, ChatGPT, Can I Trust You?
Hey, it's 5:05 on Wednesday. June 7th, 2023. From the Sourced Podcast Network in New York City, this is your host, Pokie Huang. Stories in today's episode come from Edwin Kwan in Sydney, Australia, Katy Craig in San Diego, California, Shannon Lietz in San Diego, California, Marcel Brown in St. Louis, Missouri.
Let's get to it.
KeePass Releases Fix for Master Password Compromise Vulnerability
🇦🇺 Edwin Kwan, Sydney, Australia
KeePass v2.54 fixes bug that leaked cleartext master password
CISA Orders Patch for MOVEit bug
🇺🇸 Katy Craig, San Diego, California
Known Exploited...
2023-06-07, 09 min

It's 5:05! Daily cybersecurity and open source briefing
Episode #145 - Apple Zero Day Fix, Apple App Store Transparency, Unmasking Cyber Resilience, Bounty for Russian Cybercriminal, FleeceGPT
From the Sourced Network Production you New York city, it's 5:05, on Friday, May 19th, 2023. This is your host, Pokie Huang. Stories in today's episode come from Edwin Kwan in Sydney, Australia, Shannon Lietz in San Diego, California, Ian Garrett in Arlington, Virginia, Olimpiu Pop in Transylvania, Romania, Katy Craig in San Diego, California and Marcel Brown in St. Louis, Missouri. Let's get to it.
Apple Releases Fixes for Three Zero Days
🇦🇺 Edwin Kwan, Sydney, Australia
Apple fixes three new zero-days exploited to hack iPhones, Macs
Apple Updates Everything
Check o...
2023-05-19, 14 min

It's 5:05! Daily cybersecurity and open source briefing
Episode #138 - Sydney Cancer Treatment Center Data Breach, AI Hacking Skills, Spot Dog, AST
Hey, it's 5:05 on Wednesday, May 10th, 2023. From the Sourced Podcast Network in New York city, this is your host, Pokie Huang. Stories in today's episode come from Edwin Kwan in Sydney, Australia, Shannon Lietz in San Diego, California, Katy Craig in San Diego, California, Olimpiu Pop, in Transylvania, Romania, and Marcel Brown in St. Louis, Missouri. Let's get to it.
Sydney Cancer Treatment Center Suffers Data Breach
🇦🇺 Edwin Kwan, Sydney, Australia
Crown Princess Mary Cancer Centre in Westmead Hospital in cyber attack, hackers threatening to release stolen data - ABC News
It’...
2023-05-10, 12 min

It's 5:05! Daily cybersecurity and open source briefing
Episode #136 - New Privacy Commissioner in Australia, RSAC Misses the Mark, The 124 hour gift, Software Supply Chain Attack
Hey, it's 5:05 on Monday, May 8th, 2023. From the Sourced Podcast Network in New York City, this is your host, Pokie Huang. Stories in today's episode come from, Edwin Kwan in Sydney, Australia, Trac Bannon in Camp Hill, Pennsylvania, Derek Weeks in Bethesda, Maryland, Shannon Lietz in San Diego, California and Marcel Brown in St. Louis, Missouri. Let's get to it.
Australia to Have New Privacy Commissioner
🇦🇺 Edwin Kwan, Sydney, Australia
New privacy commissioner to ensure personal data protection
RSAC Misses the Mark: The Need for Being Secure by Design
🇺🇸...
2023-05-08, 13 min

It's 5:05! Daily cybersecurity and open source briefing
Episode #128 - Live from RSAC, Disclosure Transparency, Google Authenticator
Hey, it's 5:05 on Wednesday, April 26th, 2023 from the Sourced Podcast Network in New York City, this is your host, Pokie Huang Stories in today's episode, come from Edwin Kwan in Sydney, Australia, Shannon Lietz in San Diego, California, Trac Bannon live at RSAC with DJ Schleen and Kadi Grigg, Mark Miller reporting live at the RSAC floor with Brian Reed. Let's get to it.
Mark Miller and Brian Reed live at RSAC
🇺🇸 Mark Miller, San Francisco, CA
Trac Bannon and DJ Schleen, Kadi Grigg live at RSAC
2023-04-26, 14 min

daBOM
It's all about Trust... Guest: Shannon Leitz
It was back in early 2017 when an annual tradition started in a hickory smoke filled lounge in San Francisco. I'd found myself at B-55 in the Marriott Marquis sitting around a large table after her day of presentations at the RSA Conference.
Surrounding me were some of the originators of DevOps, thought leaders from the Rugged Movement, horseman from I am the Cavalry, innovators from the Chaos Engineering tribe....and at the head of the table was Shannon Lietz - the original gangster of DevSecOps. If you know anything about DevSecOps, you know wh...
2023-04-25, 28 min

It's 5:05! Daily cybersecurity and open source briefing
Episode #126 - RSA 2023, RSA Becomes Questionable?, AI Hype, Unmaintained Wordpress Plugin, Kubernetes Report
Hey, it's 5:05 on April 24th, 2023. Happy Monday! Stories in today's episode come from Trac Bannon in San Francisco, California, Katy Craig in San Diego, California, Edwin Kwan in Sydney, Australia, Shannon Lietz in San Diego, California and Marcel Brown in St. Louis, Missouri. We'll begin our first segment today from our Executive Producer, Mark Miller from RSA Conference in San Francisco. Let's get to it.
RSA 2023
🇺🇸 Mark Miller, New York City
Has the RSA Conference Become Questionable??
🇺🇸 Tracy (Trac) Bannon, San Francisco, California
DevOps Connect at RSAC: DevOps is Now De...
2023-04-24, 11 min

It's 5:05! Daily cybersecurity and open source briefing
Episode #125 - LLM Datasets, Securing Supply Chain, Cybersecurity Wins, RBA K8s Exploit
Hey, it's 5:05. Thanks for being here on Friday, April 21st, 2023 from the Sourced podcast Network in Camp Hill, Pennsylvania. This is your host, Bob Bannon. Stories in today's episode, come from Edwin Kwan in Sydney, Australia, Mark Miller in New York, Katy Craig in San Diego, California, and Shannon Lietz in San Diego California. Pokey will be back on Monday, but for now I still have the controls. Let's get to it.
LLM Datasets
🇺🇸 Katy Craig, San Diego, California
Inside the secret list of websites that make AI like ChatGPT sound smart
2023-04-21, 09 min

It's 5:05! Daily cybersecurity and open source briefing
Episode #124 - RSAC SFO 2023, Security Quest, Lazarus North Korea, Attack Records
Hey, it's 5:05. Thanks for tuning in on Thursday, April 20th, 2023 from the Sourced podcast Network in Camp Hill, Pennsylvania. This is your host, Bob Bannon. Stories in today's episode, come from Mark Miller in New York, Shannon Lietz in San Diego, California, Edwin Kwan in Sydney, Australia, Kadi Grigg in Alexandria, Virginia and Marcel Brown in St. Louis, Missouri. A special note today, Our first segment is from Executive Producer Mark Miller, giving a preview of next week’s RSA Conference in San Francisco. Take it away Mark.
Meet us at RSA Conference 2023
🇺🇸 Mark Miller
The...
2023-04-20, 11 min

It's 5:05! Daily cybersecurity and open source briefing
Episode #123 - Australians Losses Increased, CryptoClippy, Radical Transparency, CyberSecurity Benchmarks
Hey, it's 5:05. Thanks for being here on Wednesday, April 19th, 2023 from the Sourced podcast Network in Camp Hill, Pennsylvania. This is your host, Bob Bannon. Stories in today's episode, come from Edwin Kwan in Sydney, Australia. Katy Craig in San Diego, California. Shannon Lietz in San Diego, California, Derek Weeks in Bethesda, Maryland and Marcel Brown in St. Louis, Missouri. Pokeys on vacation. I have the controls. Let's get to it.
Australians Scam Losses in 2022 increased by 80%
Edwin Kwan, Sydney, Australia ...
2023-04-19, 11 min

It's 5:05! Daily cybersecurity and open source briefing
Episode #122 - Selling Surveillance, New Era Security, Chatty Hacker, $50M Safe Security
Hey, It's 5:05. Glad you can be here on Tuesday, April 18th, 2023 from the Sourced Podcast Network in Camp Hill, Pennsylvania. This is your host, Bob Bannon.
Stories in today's episode come from Mark Miller in New York City, Katy Craig in San Diego, California, Shannon Lietz in San Diego, California, Edwin Kwan in Sydney, Australia, Ian Garrett in Arlington, Virginia, and Marcel Brown in St. Louis, Missouri. Pokes on vacation. I have the controls. Let's get to it.
2023 State of Cyber Assets Report
🇺🇸 Mark Miller, New York City
JupiterOne, 2023 State of...
2023-04-18, 14 min

rabili5410c
Shannon Lietz
2022-01-28, 00 min

the CYBER5
External Threat Hunting & Active Defense by Director of Adversary Management & Threat Intelligence at Intuit Shannon Lietz
In episode 39 of the Cyber5, we are joined by Director of Adversary Management & Threat Intelligence at Intuit Shannon Lietz. Shannon discusses external threat hunting and an enterprise practitioner’s perspective of active defense. Here are the 5 Topics We Cover in This Episode: 1. Defining Active Defense and External Threat Hunting: (01:34-02:51) We start with a proper definition of active defense and external threat hunting. While both terms are often misunderstood, an appropriate definition is the deep understanding of adversaries and the company’s capabilities to defend from the outside the firewall looking in. 2...
2021-02-10, 16 min

The OWASP Podcast Series
The Ops Side of DevSecOps w/ Damon Edwards
When Shannon Lietz and the team at DevSecOps.org published the DevSecOps Manifesto six years ago, security was uppermost in their minds. The manifesto starts with a call to arms… “Through Security as Code, we have and will learn that there is simply a better way for security practitioners, like us, to operate and contribute value with less friction.
We know we must adapt our ways quickly and foster innovation to ensure data security and privacy issues are not left behind because we were too slow to change.” The effect of the DevSecOps movement was not understood by many, other than t...
2021-01-29, 24 min

The Secure Developer
Advocating For The Securability Measure With Shannon Lietz
In episode 58 of The Secure Developer, Guy Podjarny talks to Shannon Lietz, DevSecOps Leader and Director at Intuit. Shannon is a multi-award winning leader and security innovation visionary with 20 years of experience in motivating high performance teams. Today on The Secure Developer, we interview Shannon Lietz from Intuit. She is a multi-award winning leader and security innovation visionary with 20 years of experience in motivating high-performance teams. Her accolades include winning the Scott Cook Innovation Award in 2014 for developing a new cloud security program to protect sensitive data in AWS. She has a development, security, and operations background, w...
2020-05-07, 42 min

Sources and Sinks
Software "Securibility" with Shannon Lietz
In conversation with Shannon Lietz, Director of Adversary management at Intuit Inc. We talk about Securibility and its increasing centrality to developer led application security programs. We chat about two main pillars of securibility - exploitability and threat analysis with respect to an application. Shannon describes how a securibility metrics can help development teams achieve success for the goal of creating security software. Alok Shukla, VP of Products at Shiftleft, anchors this conversation from the eyes of a real life security practitioner and as a host of this podcast.
2020-04-04, 21 min

Paul's Security Weekly
Buzzword Bingo - Application Security Weekly #65
This week, we interview Shannon Lietz, the Director Information Security at Intuit, to talk about DevOps!
In the Application Security News, there's no escape that will save you..., the privilege of running a Chrome extension, and Four practices towards DevSecOps! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode65 Visit https://www.securityweekly.com/asw for all the latest episodes! Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly
2019-06-18, 1h 09

Application Security Weekly (Audio)
Buzzword Bingo - Application Security Weekly #65
This week, we interview Shannon Lietz, the Director Information Security at Intuit, to talk about DevOps! In the Application Security News, there's no escape that will save you..., the privilege of running a Chrome extension, and Four practices towards DevSecOps! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode65 Visit https://www.securityweekly.com/asw for all the latest episodes! Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly
2019-06-18, 1h 09

Application Security Weekly (Video)
Shannon Lietz, Intuit - Application Security Weekly #65
Mike Shema and John Kinsella interview Shannon Lietz, the Director Information Security at Intuit about DevOps.
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode65 Follow us on Twitter: https://www.twitter.com/securityweekly
2019-06-18, 33 min

DevOps Chat
DevSecOps @ RSA Conference with James Wickett and Shannon Lietz
The RSA Conference is just a month away. Once again RSAC promises to be the place where the world gathers around security. With upwards of 50,000 people attending, it is big by anyone's standard. If you haven't already registered, here is a code for $100 dollars off a full conference pass (all sessions), 1U9DEVOPSFD or get a free expo pass, 1U9DEVOPSXP. DevSecOps will be center stage this year, literally. Shannon Lietz, the founder of DevSecOps.org will be keynoting as well as leading a week long track on DevSecOps. Appearing with Shannon, is another leader of the DevSecOps community, James...
2019-02-07, 17 min

DevOps Chat
The DevSecOps Scene at RSA Conference 2019 w/ Shannon Lietz
The RSA Conference is just a month away. Once again RSAC promises to be the place where the world gathers around security. With upwards of 50,000 people attending, it is big by anyone's standard. If you haven't already registered, here is a code for $100 dollars off a full conference pass (all sessions), 1U9DEVOPSFD a free expo pass, 1U9DEVOPSXP. DevSecOps will be center stage this year, literally. Shannon Lietz, the founder of DevSecOps.org will be keynoting as well as leading a week long track on DevSecOps. Shannon is our guest in this DevOps Chat.
Part 2 of this chat where...
2019-02-05, 18 min

The OWASP Podcast Series
Spy vs Spy in Application Security: Harvesting Adversaries
"The guy who wrote wifi software with SSID never imagined that someone could use that SSID to transmit data by writing two smaller applications to leverage it. We are constantly going to be in this [type of] battle. Ultimately we've got to find a way to stay ahead of it by understanding the mechanisms by which we're writing the abuse case possibilities." -- Shannon Lietz
Following their session at DevOps Enterprise Summit 2018, I sat down and talked with Shannon Lietz and James Wickett to talk about who the real adversaries are when it comes to application security, what you can...
2018-11-02, 16 min

The OWASP Podcast Series
A Message from the Executive Producer
This is Mark Miller, Executive Producer. 4 years ago I took over the creation and curation of the OWASP podcast series. In that time, there have been 118 episodes, with a combined listenership of over 269,000 plays. The series began as a way to speak with OWASP project leads and chapter leaders to let the community hear what was being worked on. Gradually, the show has morphed into something broader. Recent broadcasts highlighting the work done in the DevOps and DevSecOps Communities receive well over 2000 listeners per episode. We have helped give exposure to DevSecOps practitioners at major AppSec Conferences in Europe and...
2018-07-15, 02 min

The OWASP Podcast Series
RSAC 2018 - Preview of Opening Session for DevOps Connect: DevSecOps Day
Shannon Lietz, Caroline Wong and Paula Thrasher will give the opening remarks at DevOps Connect: DevSecOps Days on April 16 at the RSAC Conference in San Francisco.
On today's show, I talk with Shannon, Caroline and Paula, on what they hope to accomplish during their talk, and why DevSecOps is becoming the hottest topic in this year's growth of the DevOps Community.
2018-02-26, 35 min

The OWASP Podcast Series
Struts 2 Vulnerability Analysis
Brian Fox and Shannon Lietz talk about the recent announcement of the struts 2 vulnerability: What is it, how can it affect you, what you can do about it. You can view this broadcast as video on YouTube: https://www.youtube.com/watch?v=EzRKOudJPtQ
2017-03-10, 20 min

The OWASP Podcast Series
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World
In preparation for her keynote session at AppSec EU 2017 in Belfast, Shannon Lietz continues to explore the integration of DevOps and security. This is a recording of her session at RSAC 2017 in San Francisco.
2017-02-15, 36 min

The OWASP Podcast Series
Shannon Lietz - Keynote Preview for AppSec EU 2017, Belfast
Shannon Lietz, DevSecOps Lead at Intuit, will be giving a keynote presentation at AppSec EU 2017, Belfast. I talked with Shannon about what she will be presenting and why she is so excited to return to Ireland.
2017-01-17, 09 min

The OWASP Podcast Series
The Future of DevSecOps w/ Shannon Lietz and Chris Swan, Live From IP Expo London
This is a live recording from 2016 IP Expo London, with Shannon Lietz (Intuit), Chris Swan (CSC) and host Mark Miller (Sonatype) discussing the future of security as it relates to DevOps. Shannon and Chris are real world practitioners, bringing stories from the trenches.
We initially start with where the term DevSecOps came from, then move on to the future of automated security as part of the DevOps ecosystem.
2016-10-09, 57 min

The Defender's Advantage Podcast
Red, Blue and Intuit
We sat down with Shannon Lietz, head of DevSecOps engineers at Intuit, about the company’s philosophy regarding cloud security. In this podcast she discusses what kinds of resources Intuit has devoted to keeping the cloud safe, advice for companies considering moving to the cloud, and how enterprises can use the cloud while staying ahead of attackers. She also describes Red Team Mondays, Blue Team Intelligence, and how Intuit uses fire drills to keep vendors on their toes.
2016-03-30, 16 min

The OWASP Podcast Series
DevOps, Security and Development w/ Matt Tesauro, Shannon Lietz and Jez Humble
When I was at AppSecUSA 2015 in San Francisco, I was standing in the hallway talking with Matt Tesauro, Shannon Lietz and Jez Humble. We decided that our discussion was interesting enough to continue, so we grabbed a room and just started talking. Heads up: There are basic audio problems with the recording, such as some background hiss and some high frequency whining (not from us, from the lights overhead!). It was an interesting discussion about real world scenarios that the three have seen in different environments, with solutions for those issues. There's an important summary that starts at 34 minutes where...
2015-09-28, 42 min