The Security Detail

Audra Streetman and Madeleine Tauber
The Security Detail is a podcast series by SURGe, Splunk’s strategic security research team. Every other week, co-hosts Audra Streetman and Kirsty Paine interview security experts about the top cyber threats in different industries. Episodes will examine the cyber threat landscape in healthcare, education, manufacturing, the technology sector, retail and hospitality, telecommunications, and the public sector.

  1. OCT 2

    Ep. 5: Browser Security with Fletcher Oliver, Chrome Browser Customer Engineer

    Browser security is crucial for protecting personal information and preventing malicious attacks, ensuring safe and private online experiences. In Episode 6 of The Security Detail, Chrome browser customer engineer Fletcher Oliver shares some of the top browser security risks and how to defend against them. We also discuss SURGe research that examines security risks associated with Chrome browser extensions.

    Links:
    - Chrome Safety: https://www.google.com/chrome/safety/
    - Chrome Safe Browsing: https://support.google.com/chrome/answer/9890866
    - Chrome Enhanced Safe Browsing: https://support.google.com/accounts/answer/11577602
    - Chrome Enterprise Core: https://chromeenterprise.google/
    - SURGe research on Chrome browser extension security: https://www.splunk.com/en_us/blog/security/add-to-chrome-part-1-an-analysis-of-chrome-browser-extension-security.html
    - Google's Permission Risk whitepaper download: https://storage.googleapis.com/support-kms-prod/H67pelgBrKlKSgvA24ooNwVYYx6emmcuJ0LD
    - Chrome Enterprise Premium: https://chromeenterprise.google/products/chrome-enterprise-premium/
    - Splunk integration in Chrome Enterprise Core: https://support.google.com/chrome/a/answer/12325467
    - Google Chrome App for Splunk: https://splunkbase.splunk.com/app/6896

    18 min
  2. SEP 4

    Ep. 4: Application Security with Tanya Janca, head of community and education at Semgrep

    Application security is crucial for protecting sensitive data and ensuring the integrity and trustworthiness of software systems against cyber threats. In this episode, Tanya Janca, head of community and education at Semgrep, discusses the importance of “shifting left” in the software development lifecycle, along with the best and worst practices in DevSecOps. Tanya has been coding and working in IT for more than 25 years and is the best-selling author of the book ‘Alice and Bob Learn Application Security’. You can follow Tanya on social media under the handle @SheHacksPurple.

    Resources:
    - Semgrep website: https://semgrep.dev/
    - 'Alice and Bob Learn Application Security': https://www.amazon.com/Alice-Bob-Learn-Application-Security/dp/B097NJSSV8
    - 'Alice and Bob Learn Secure Coding': https://www.wiley.com/en-us/Alice+and+Bob+Learn+Secure+Coding-p-9781394171705
    - SheHacksPurple YouTube: https://www.youtube.com/channel/UCyxbNw11fMUgoR3XpVYVPIQ
    - SheHacksPurple website: https://shehackspurple.ca/
    - OWASP Global AppSec Conference: https://sf.globalappsec.org/
    - CISA Secure by Design: https://www.cisa.gov/securebydesign
    - Tanya's RSAC Talk on DevSecOps worst practices: https://www.rsaconference.com/library/Presentation/USA/2023/DevSecOps%20Worst%20Practices
    - RSAC Presentation: 'The End of DevSecOps?' by DJ Schleen: https://www.rsaconference.com/Library/presentation/usa/2024/the%20end%20of%20devsecops
    - Executive Order on Improving the Nation’s Cybersecurity (SBOMs): https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/

    48 min
  3. MAR 27

    Ep. 7: MITRE ATT&CK framework featuring Adam Pennington, MITRE ATT&CK Lead

    The MITRE ATT&CK framework provides a standardized taxonomy and knowledge base of adversary tactics, techniques, and procedures (TTPs), enabling organizations to enhance threat detection, response, and mitigation strategies effectively. In this episode, Adam Pennington tells us about the origins of the ATT&CK project, how organizations can effectively leverage it, and the journey that led Adam to his current role as the project's leader.

    Resources:
    - MITRE ATT&CK website: https://attack.mitre.org/
    - .conf24 agenda: https://conf.splunk.com/
    - ATT&CKCon Presentations: https://attack.mitre.org/resources/learn-more-about-attack/
    - ATT&CK Evaluations Program: https://mitre-engenuity.org/cybersecurity/attack-evaluations/
    - Adam's BSides Talk (Bringing Intelligence into Cyber Deception with MITRE ATT&CK): https://www.youtube.com/watch?v=eL4iLUw1ee8
    - Adam's DEF CON Talk (Emulating Adversary w Imperfect Intelligence): https://www.youtube.com/watch?v=cXlWY3OnjO0
    - David Bianco's Pyramid of Pain: https://www.youtube.com/watch?v=3Xrl6ICxKxI
    - Dr. Fetterman’s blog: https://www.splunk.com/en_us/blog/security/revisiting-the-big-picture-macro-level-att-ck-updates-for-2023.html

    37 min
5 out of 5 (14 Ratings)