Cassie has a long history of successfully managing a variety of security programs. Today, she leads supply chain efforts for a very large product company. We will tackle topics such as software supply chain management, SBOMs, third-party supply

Systems Of Trust - Robert Martin - BTS #30

24 days ago 55m 14s

Bob Martin comes on the show to discuss systems of trust, supply chain security and more! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-30

Supply Chains, Firmware, And Patching - Jason Kikta - BTS #29

May 8th, 2024 1h 6m

Jason joins us to discuss the current enterprise landscape for defending against supply chain attacks, remediating firmware issues, and the current challenges with patch management. This segment is sponsored by Eclypsium. Visit https://security

5G Hackathons - Casey Ellis - BTS #28

Apr 24th, 2024 56m 22s

Casey recently was involved in an event that brought hackers and 5G technology together, tune-in to learn about the results and how we can use bug bounty programs to improve the security of "things". This segment is sponsored by Eclypsium. Visi

Governance, Compliance, and The Digital Supply Chain - Josh Marpet - BTS #27

Apr 10th, 2024 49m 58s

In this episode, we disccuss digital supply chain governance and compliance, featuring Josh Marpet from Guarded Risk, hosted by Paul Asadorian and Alan Alford. Specifically, we discuss: The importance of understanding and complying with regula

What We Don’t Know Will Hurt Us - Cheryl Biswas - BTS #26

Mar 27th, 2024 53m 49s

Cheryl is super passionate about supply chain security and visibility. Tune in to our discussion on how we can collectively get better at reducing the attack surface and working to fix the wide variety of digital supply chain issues we have tod

Supply Chain Threats and Regulations - BTS #25

Mar 13th, 2024 45m 32s

Paul and Allan will talk a little bit about Allan's background and current work at Eclypsium. Next, we'll cover some of the recent news and topics we've been discussing on our blog including Firewall and VPN appliance security struggles, Shim S

Managing Supply Chain Risk - Saša Zdjelar - BTS #24

Feb 21st, 2024 47m 6s

Saša Zdjelar joins us on this episode to dive into how organizations can manage supply chain risk, including the current challenges we face and how best to deal with them. This segment is sponsored by Eclypsium. Visit https://securityweekly.com

Closing The Supply Chain Visibility Gap - Dr. Olga Livingston - BTS #23

Feb 7th, 2024 58m 43s

Short of ripping everything apart (hardware and software) and inspecting the components, which is very time-consuming, how do we solve the visibility gap in various supply chains? Dr. Olga Livingston from CISA joins us to discuss! This segment

SBOMs and Supply Chains - Allan Friedman - BTS #22

Jan 24th, 2024 1h

We sit down with the father of the SBOM, Allan Friedman, to discuss examples of where we really need SBOMs, how to operationalize SBOMs, and how to identify and deal with bad things that may be in your SBOM! CISA's resources on SBOM are at cisa

Supply Chain Risk Management - David Vaughn - BTS #21

Jan 10th, 2024 48m 29s

We talk about Supply Chain Risk Management in the context of the cloud and US federal government with David Vaughn. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https:/

Network Device Supply Chains and Lateral Movement - Joe Hall - BTS #20

Dec 27th, 2023 54m 50s

In this episode, we have the privilege of sitting down with renowned security expert Joe Hall to discuss three critical facets of modern cybersecurity: network device security, supply chain threats, and lateral movement. Join us as Joe Hall sha

A Year in Review on Offensive Security, Defensive Landscapes, and Global Implications - Tyler Robinson - BTS #19

Dec 13th, 2023 53m 46s

In this episode, we delve into the dynamic world of supply chain security, recapping the significant developments of the past year. Join us as we explore the evolution of offensive security, defensive landscapes, and the key actors shaping the

Defending Against Supply Chain Attacks - Bri Rolston - BTS #18

Nov 29th, 2023 1h 6m

Bri has spent her career investigating and defending against critical infrastructure attacks. Hear her take on the current threat landscape, supply chain security, and more! This segment is sponsored by Eclypsium. Visit https://securityweekly.c

Protecting The Digital Supply Chain - Yuriy Bulygin - BTS #17

Nov 15th, 2023 1h 2m

Dr. Yuriy Bulygin is the CEO and founder of Eclypsium, the digital supply chain security company. Prior to Eclypsium, Yuriy was Chief Threat Researcher at Intel Corporation. He is also the creator of CHIPSEC, the popular open-source firmware an

UEFI & The Digital Supply Chain - Dick Wilkins - BTS #16

Nov 1st, 2023 51m 57s

Learn about the evolution of UEFI, various aspects of supply chain security surrounding UEFI, and the interactions between links in the supply chain that ultimately end up delivering you a computer or server. Segment Resources: https://uefi.or

Reverse Engineering BMCs and Other Firmware - Vladyslav Babkin - BTS #15

Oct 18th, 2023 55m 26s

Vlad is part of the Eclypsium research team and has discovered several flaws in BMC ecosystems. He comes on the show to talk about his journey and cover the details behind BMC vulnerabilities and attacks. Segment Resources: https://forum.defcon

Protecting The Federal Supply Chain - John Loucaides - BTS #14

Oct 4th, 2023 53m 47s

John Loucaides, SVP Strategy at Eclypsium, joins us on the show to discuss protecting the federal supply chain! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://sec

Network Device Supply Chain Security - Nate Warfield - BTS #13

Sep 20th, 2023 55m 7s

We dig into network devices/appliances, why they are still around, who is attacking them, and how. Just why are attackers using network devices in ransomware campaigns and how do we stop them? Tune-in to find out as Nate Warfield, Director of T

Dealing with The Digital Supply Chain - Ramy Houssaini - BTS #12

Jun 14th, 2023 55m 27s

Ramy Houssaini joins us to discuss the challenges enterprises face when dealing with supply chain threats, risks and vulnerabilities. We'll explore how to identify cybersecurity gaps in your various supply chains, discuss real-world examples su

SCRM and Supply Chain Security Up and Down the Stack - Steve Orrin - BTS #11

May 31st, 2023 57m 45s

Supply Chain threats and industry / government initiatives like EO 14028 are driving a deeper understanding and a set of requirements for applying supply chain risk management (SCRM) and increased transparency (ex. SBOM) across the software eco

Learning About Firmware Security - Xeno Kovah - BTS #10

May 17th, 2023 59m 30s

Firmware security is a deeply technical topic, that's hard to get started in. In this talk, Xeno will discuss some past work in firmware security, and how he has organized resources such as a low level timeline (with over 300 talks), and free M

Accidentally Learning about Security: From Firmware to the Cloud, Brian Richardson - BTS #9

May 3rd, 2023 1h

Brian Richardson didn't start out wanting to do marketing or computer security... but after starting his career as a BIOS programmer, he tripped and fell into technical marketing (aka "Binary to English translator"). Brian's here to talk about

BTS #8 - Richard Hughes

Apr 19th, 2023 57m 2s

The LVFS is a project used by over 130 different vendors, from all positions of the supply chain. It decompresses, decompiles, then analyses firmware looking for issues, and then automatically builds a SBoM for each download. Segment Resources:

Nicholas Starke - BTS #7

Apr 5th, 2023 48m 6s

Discuss current events in firmware security, such as the techniques utilized in BlackLotus. We will compare Baton Drop with Grub2 capabilities. Segment Resources: https://starkeblog.com/ Show Notes: https://securityweekly.com/bts7