Artwork

Το περιεχόμενο παρέχεται από το Security Weekly Productions. Όλο το περιεχόμενο podcast, συμπεριλαμβανομένων των επεισοδίων, των γραφικών και των περιγραφών podcast, μεταφορτώνεται και παρέχεται απευθείας από τον Security Weekly Productions ή τον συνεργάτη της πλατφόρμας podcast. Εάν πιστεύετε ότι κάποιος χρησιμοποιεί το έργο σας που προστατεύεται από πνευματικά δικαιώματα χωρίς την άδειά σας, μπορείτε να ακολουθήσετε τη διαδικασία που περιγράφεται εδώ https://el.player.fm/legal.
Player FM - Εφαρμογή podcast
Πηγαίνετε εκτός σύνδεσης με την εφαρμογή Player FM !

Do phishing tests do more harm than good? & Speed, Flexibility, and AI - Wolfgang Goerlich, Whitney Young - ESW #376

1:52:31
 
Μοίρασέ το
 

Manage episode 440924295 series 70666
Το περιεχόμενο παρέχεται από το Security Weekly Productions. Όλο το περιεχόμενο podcast, συμπεριλαμβανομένων των επεισοδίων, των γραφικών και των περιγραφών podcast, μεταφορτώνεται και παρέχεται απευθείας από τον Security Weekly Productions ή τον συνεργάτη της πλατφόρμας podcast. Εάν πιστεύετε ότι κάποιος χρησιμοποιεί το έργο σας που προστατεύεται από πνευματικά δικαιώματα χωρίς την άδειά σας, μπορείτε να ακολουθήσετε τη διαδικασία που περιγράφεται εδώ https://el.player.fm/legal.

A month ago, my friend Wolfgang Goerlich posted a hot take on LinkedIn that is less and less of a hot take these days.

He posted, "our industry needs to kill the phish test",and I knew we needed to have a chat, ideally captured here on the podcast.

I've been on the fence when it comes to phishing simulation, partly because I used to phish people as a penetration tester. It always succeeded, and always would succeed, as long as it's part of someone's job to open emails and read them. Did that make phishing simulation a Sisyphean task? Was there any value in making some of the employees more 'phishing resistant'?

And who is in charge of these simulations? Who looks at a fake end-of-quarter bonus email and says, "yeah, that's cool, send that out."

Segment Resources:

In this episode, we explore some compelling reasons for transitioning from traditional SOAR tools to next-generation SOAR platforms. Discover how workflow automation and orchestration offers unparalleled speed and flexibility, allowing organizations to stay ahead of evolving security threats. We also delve into how advancements in AI are driving this shift, making new platforms more adaptable and responsive to current market demands.

Segment Resources:

This segment is sponsored by Tines. Visit https://securityweekly.com/tines to learn more about them!

This week, the cybersecurity industry's most basic assumptions under scrutiny. Following up our conversation with Wolfgang Goerlich, where he questions the value of phishing simulations, we discuss essays that call into question:

  • the maturity of the industry
  • the supposed "talent gap" with millions of open jobs despite complaints that this industry is difficult to break into
  • cybersecurity's 'delusion' problem

Also some whoopsies:

  • researchers accidentally take over a TLD
  • When nearly all your customers make the same insecure configuration mistakes, maybe it's not all their fault, ServiceNow finds out

Fortinet has a breach, but is it really accurate to call it that?

Some Coalfire pentesters that were arrested in Iowa 5 years ago share some unheard details about the event, and how it is still impacting their lives on a daily basis five years later.

The news this week isn't all negative though! We discuss an insightful essay on detection engineering for managers from Ryan McGeehan is a must read for secops managers.

Finally, we discuss a fun and excellent writeup on what happens when you ignore the integrity of your data at the beginning of a 20 year research project that resulted in several bestselling books and a Netflix series!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-376

  continue reading

2952 επεισόδια

Artwork
iconΜοίρασέ το
 
Manage episode 440924295 series 70666
Το περιεχόμενο παρέχεται από το Security Weekly Productions. Όλο το περιεχόμενο podcast, συμπεριλαμβανομένων των επεισοδίων, των γραφικών και των περιγραφών podcast, μεταφορτώνεται και παρέχεται απευθείας από τον Security Weekly Productions ή τον συνεργάτη της πλατφόρμας podcast. Εάν πιστεύετε ότι κάποιος χρησιμοποιεί το έργο σας που προστατεύεται από πνευματικά δικαιώματα χωρίς την άδειά σας, μπορείτε να ακολουθήσετε τη διαδικασία που περιγράφεται εδώ https://el.player.fm/legal.

A month ago, my friend Wolfgang Goerlich posted a hot take on LinkedIn that is less and less of a hot take these days.

He posted, "our industry needs to kill the phish test",and I knew we needed to have a chat, ideally captured here on the podcast.

I've been on the fence when it comes to phishing simulation, partly because I used to phish people as a penetration tester. It always succeeded, and always would succeed, as long as it's part of someone's job to open emails and read them. Did that make phishing simulation a Sisyphean task? Was there any value in making some of the employees more 'phishing resistant'?

And who is in charge of these simulations? Who looks at a fake end-of-quarter bonus email and says, "yeah, that's cool, send that out."

Segment Resources:

In this episode, we explore some compelling reasons for transitioning from traditional SOAR tools to next-generation SOAR platforms. Discover how workflow automation and orchestration offers unparalleled speed and flexibility, allowing organizations to stay ahead of evolving security threats. We also delve into how advancements in AI are driving this shift, making new platforms more adaptable and responsive to current market demands.

Segment Resources:

This segment is sponsored by Tines. Visit https://securityweekly.com/tines to learn more about them!

This week, the cybersecurity industry's most basic assumptions under scrutiny. Following up our conversation with Wolfgang Goerlich, where he questions the value of phishing simulations, we discuss essays that call into question:

  • the maturity of the industry
  • the supposed "talent gap" with millions of open jobs despite complaints that this industry is difficult to break into
  • cybersecurity's 'delusion' problem

Also some whoopsies:

  • researchers accidentally take over a TLD
  • When nearly all your customers make the same insecure configuration mistakes, maybe it's not all their fault, ServiceNow finds out

Fortinet has a breach, but is it really accurate to call it that?

Some Coalfire pentesters that were arrested in Iowa 5 years ago share some unheard details about the event, and how it is still impacting their lives on a daily basis five years later.

The news this week isn't all negative though! We discuss an insightful essay on detection engineering for managers from Ryan McGeehan is a must read for secops managers.

Finally, we discuss a fun and excellent writeup on what happens when you ignore the integrity of your data at the beginning of a 20 year research project that resulted in several bestselling books and a Netflix series!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-376

  continue reading

2952 επεισόδια

All episodes

×
 
Loading …

Καλώς ήλθατε στο Player FM!

Το FM Player σαρώνει τον ιστό για podcasts υψηλής ποιότητας για να απολαύσετε αυτή τη στιγμή. Είναι η καλύτερη εφαρμογή podcast και λειτουργεί σε Android, iPhone και στον ιστό. Εγγραφή για συγχρονισμό συνδρομών σε όλες τις συσκευές.

 

Οδηγός γρήγορης αναφοράς