Category Archives: Podcasts

Contrarisk Security Podcast #0025: software vulnerabilities and change management

Software vulnerabilities: Software flaws are at the root of many security exploits, and year after year we see the same old issues topping the OWASP top-ten, such as SQL injection and cross-site scripting (XSS). Are these really such hard problems to tackle? Or is the message just not getting through to…

ContraRisk Security Podcast 0024: A return on your security investment

Can we really talk about a Return On Investment (ROI) with information security? Most people view security as a kind of insurance policy – you pay out, year after year, and if you do it right, you never have to claim. So there’s always a temptation to cut costs – which only…

Contrarisk Security Podcast 0023: M2M and malware detection

Machine-to-Machine (M2M) is a domain that includes industrial systems, telemetry, Scada and so on. And while Scada has increasingly become a focus of security concerns, this has tended to concentrate on the control systems themselves, rather than the entire chain from sensor to control room. In this episode, we talk to…

ContraRisk Security Podcast 0022: Security visibility and protecting data

This is the time of year when security vendors make lots of predictions about what the year ahead holds for information security. Most of the predictions are stunningly obvious and trivial, but one was intriguing. Corey Nachreiner, director of security strategy at WatchGuard, reckons 2014 will be the year of security visibility. But…

ContraRisk Security Podcast 21: securing the cloud; and PCI DSS 3.0

There seems to be no clear consensus about how to do cloud security, or even if it’s possible. According to Colin Tankard of Digital Pathways, it really comes down to what you define as ‘secure’. A lot of it is to do with who needs to see the data and how you access…

ContraRisk Security Podcast 20: Rogue insiders and cybercrime co-operation

Cybercrime co-operation: The International Cyber Security Protection Alliance (ICSPA) was formed to help government and law enforcement agencies assist businesses in tackling cybercrime. Co-operation and information sharing are very much at the core of this kind of activity, so, at the recent ISSE conference in Brussels, Steve Mansfield-Devine asked John Lyons,…

ContraRisk Security Podcast 0019: The evolution of pen-testing

For some organisations, penetration testing is merely a compliance requirement that they hope will find the minimum of weaknesses. For others, it’s a key step in discovering where their weaknesses lie, so they can fix them. But is pen-testing too often an afterthought, taking place after systems have been developed and…

ContraRisk Security Podcast 0018: The professional approach

The information security business isn’t short on qualifications and certifications, but does it have the right ones? And do organisations who employ infosec specialists even understand them? Ian Glover, president of CREST, the not-for-profit organisation that provides standards and certifications in areas like penetration testing, believes that what the infosec industry needs…

ContraRisk Security Podcast 0017: encrypted comms and BYOD

Silent Circle offers secure voice and text communications using peer-to-peer encryption. Until recently, it also offered secure email, but shortly after we interviewed Jon Callas, the firm’s CTO and co-founder, Silent Circle followed the lead of another secure email provider, Lavabit, and shut down that service. This was a reaction to…

ContraRisk Security Podcast 0016: DDoS and trust on the Internet

People bank and shop online, but do they really trust the companies with which they are doing business? Research by Integralis suggests that they don’t. It found that around a quarter of people don’t trust any organisation to secure their personal information. Given that trust is an integral part of security…