Below the Surface (Audio) - The Supply Chain Security Podcast
By Eclypsium
The podcast currently has 38 episodes available.
In this episode of Below the Surface, host Paul Asadoorian and guest Patrick Garrity discuss the complexities of vulnerability tracking and prioritization. They explore various sources of vulnerability data, the significance of known exploited vulnerabilities, and the concept of weaponization in cybersecurity. The conversation delves into the challenges posed by supply chain vulnerabilities, the importance of the Software Bill of Materials (SBOM), and the impact of user behavior on security. The episode concludes with thoughts on the future of vulnerability management and the need for a more comprehensive approach to cybersecurity.
In this episode, Matt Brown joins the podcast to talk about firmware reverse engineering and supply chains. They discuss Matt's start in information security, his journey into hardware security, and the creation of his YouTube channel. They also explore the vulnerabilities and weaknesses in the supply chain of IoT devices and the challenges of extracting firmware from embedded Linux systems. Matt shares his favorite tools for firmware extraction and the complexities of creating an SBOM in the embedded Linux ecosystem. In this conversation, Paul and Allan discuss the challenges and vulnerabilities in IoT devices. They highlight the lack of security incentives in the IoT industry, the reuse of code across different devices, and the importance of validating firmware updates. They also mention the use of tools like binwalk and unblob for firmware analysis, and the benefits of UART and JTAG for hardware hacking. The conversation emphasizes the need for passion and hands-on experience in exploring IoT security.
Stewart and Trey join us to talk about driving cybersecurity policies for the nation, what makes a good policy, what makes a bad policy, supply chain research and policies, and overall how we shape policies that benefit cybersecurity.
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts-36
Gain insights into the CISA KEV straight from one of the folks at CISA, Tod Beardsley. Learn how KEV was created, where the data comes from, and how you should use it in your environment.
Resource: https://cisa.gov/kev
Show Notes: https://securityweekly.com/bts-35
Jay Jacobs (Co-Founder and Data Scientist) and Wade Baker (Co-Founder and Data Storyteller) of the Cyentia Institute come on the show to talk about the Exploit Prediction Scoring System (EPSS).
Show Notes: https://securityweekly.com/bts-34
Ed Harris joins us to discuss how to secure OT environments, implement effective air gaps, and more!
Show Notes: https://securityweekly.com/bts-33
We discuss the various aspects of MITRE ATT&CK, including tools, techniques, supply chain aspects, and more!
Show Notes: https://securityweekly.com/bts-32
Cassie has a long history of successfully managing a variety of security programs. Today, she leads supply chain efforts for a very large product company. We will tackle topics such as software supply chain management, SBOMs, third-party supply chain challenges, asset management, and more!
Show Notes: https://securityweekly.com/bts-31
Bob Martin comes on the show to discuss systems of trust, supply chain security and more!
Show Notes: https://securityweekly.com/bts-30
Jason joins us to discuss the current enterprise landscape for defending against supply chain attacks, remediating firmware issues, and the current challenges with patch management.
Show Notes: https://securityweekly.com/bts-29