Sign up to save your podcasts
Or
Share Community Knowledge Sharing with CyberNest - Ben Siegel, Aaron Costello - ESW #379
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Community Knowledge Sharing with CyberNest - Ben Siegel, Aaron Costello - ESW #379
For this interview, Ben from CyberNest joins us to talk about one of my favorite subjects: information sharing in infosec. There are so many amazing skills, tips, techniques, and intel that security professionals have to share. Sadly, a natural corporate reluctance to share information viewed as privileged and private has historically had a chilling effect on information sharing.
We'll discuss how to build such a community, how to clear the historical hurdles with information sharing, and how to monetize it without introducing bias and compromising the integrity of the information shared.
Aaron was already a skilled bug hunter and working at HackerOne as a triage analyst at the time. What he discovered can't even be described as a software bug or a vulnerability. This type of finding has probably resulted in more security incidents and breaches than any other category: the unintentional misconfiguration.
There's a lot of conversation right now about the grey space around 'shared responsibility'. In our news segment later, we'll also be discussing the difference between secure design and secure defaults. The recent incidents revolving around Snowflake customers getting compromised via credential stuffing attacks is a great example of this. Open AWS S3 buckets are probably the best known example of this problem. At what point is the service provider responsible for customer mistakes? When 80% of customers are making expensive, critical mistakes? Doesn't the service provider have a responsibility to protect its customers (even if it's from themselves)?
These are the kinds of issues that led to Aaron getting his current job as Chief of SaaS Security Research at AppOmni, and also led to him recently finding another common misconfiguration - this time in ServiceNow's products. Finally, we'll discuss the value of a good bug report, and how it can be a killer addition to your resume if you're interested in this kind of work!
Segment Resources:
- Aaron's blog about the ServiceNow data exposure.
- The ServiceNow blog, thanking AppOmni for its support in uncovering the issue.
In the enterprise security news,
- Eon, Resolve AI, Harmonic and more raise funding
- Dragos acquires Network Perception
- Prevalent acquires Miratech
- The latest DFIR reports
- A spicy security product review
- Secure by Whatever
- New threats
- Hot takes
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-379
View all episodes
By Security Weekly Productions
4.4
208208 ratings
For this interview, Ben from CyberNest joins us to talk about one of my favorite subjects: information sharing in infosec. There are so many amazing skills, tips, techniques, and intel that security professionals have to share. Sadly, a natural corporate reluctance to share information viewed as privileged and private has historically had a chilling effect on information sharing.
We'll discuss how to build such a community, how to clear the historical hurdles with information sharing, and how to monetize it without introducing bias and compromising the integrity of the information shared.
Aaron was already a skilled bug hunter and working at HackerOne as a triage analyst at the time. What he discovered can't even be described as a software bug or a vulnerability. This type of finding has probably resulted in more security incidents and breaches than any other category: the unintentional misconfiguration.
There's a lot of conversation right now about the grey space around 'shared responsibility'. In our news segment later, we'll also be discussing the difference between secure design and secure defaults. The recent incidents revolving around Snowflake customers getting compromised via credential stuffing attacks is a great example of this. Open AWS S3 buckets are probably the best known example of this problem. At what point is the service provider responsible for customer mistakes? When 80% of customers are making expensive, critical mistakes? Doesn't the service provider have a responsibility to protect its customers (even if it's from themselves)?
These are the kinds of issues that led to Aaron getting his current job as Chief of SaaS Security Research at AppOmni, and also led to him recently finding another common misconfiguration - this time in ServiceNow's products. Finally, we'll discuss the value of a good bug report, and how it can be a killer addition to your resume if you're interested in this kind of work!
Segment Resources:
- Aaron's blog about the ServiceNow data exposure.
- The ServiceNow blog, thanking AppOmni for its support in uncovering the issue.
In the enterprise security news,
- Eon, Resolve AI, Harmonic and more raise funding
- Dragos acquires Network Perception
- Prevalent acquires Miratech
- The latest DFIR reports
- A spicy security product review
- Secure by Whatever
- New threats
- Hot takes
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-379
More shows like Security Weekly Podcast Network (Audio)
View all
Freakonomics Radio
32,246 Listeners
Planet Money
30,609 Listeners
Global News Podcast
7,913 Listeners
Hacked
187 Listeners
Security Now (Audio)
2,011 Listeners
Uncanny Valley | WIRED
507 Listeners
Risky Business
371 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
651 Listeners
CyberWire Daily
1,028 Listeners
Paul's Security Weekly (Audio)
16 Listeners
Click Here
418 Listeners
Darknet Diaries
8,077 Listeners
Tech Brew Ride Home
964 Listeners
Cybersecurity Today
175 Listeners
Cybersecurity Headlines
139 Listeners