Our latest in a series of interviews discussing cybersecurity career paths, today we talk to Jayson Grace his path into cybersecurity and his experience building red teams at national labs and purple teams at Meta. We also talk about his community impact, giving talks and building open source tools. Jayson just left Meta for an AI safety startup named Dreadnode, which we'll discuss as well.

Segment Resources:

• CyberSecEval 3: Advancing the Evaluation of Cybersecurity Risks and Capabilities in Large Language Models
• The [TTPForge] (https://github.com/facebookincubator/TTPForge) is a Cybersecurity Framework for developing, automating, and executing attacker Tactics, Techniques, and Procedures (TTPs).
• ForgeArmory provides TTPs that can be used with the TTPForge
• Wired, by Lily Hay Newman: Facebook's ‘Red Team X’ Hunts Bugs Beyond the Social Network's Walls
• MOSE (Master Of SErvers) is a post exploitation tool for configuration management servers.
• BSides SF 2024 - Beyond Quick Cash: Rethinking Bug Bounties for Greater Impact
• BSides LV 2023 - [GF - Enemy Within: Leveraging Purple Teams for Advanced Threat Detection & Prevention - https://www.youtube.com/watch?v=-MT0tNi2vvc

This week in the enterprise security news, we've got:

1. Torq, Tamnoon, and Defect Dojo raise funding
2. Checkmarx acquires ZAP
3. Commvault acquires Clumio
4. Would you believe San Francisco is NOT the most funded metro area for cybersecurity?
5. Auto-doxxing Smart glasses are now possible
6. Meta gets fined $100M for storing plaintext passwords
7. AI coding assistants might not be living up to expectations
8. Worst Practices
9. Dumpster fires and truth bombs

All that and more, on this episode of Enterprise Security Weekly!

The way we use browsers has changed, so has the way we need to secure them. Using a secure enterprise browser to execute content away from the endpoint, inside a secure cloud browser is a dramatically more effective and cost-effective approach to protect users and secure access.

This segment is sponsored by Menlo Security. Visit https://securityweekly.com/menloisw to learn more about them!

Sevco is a cloud-native vulnerability and exposure management platform built atop asset intelligence to enable rapid risk prioritization, mitigation, validation, and metrics.

Segment Resources: Customer Testimonials: https://www.sevcosecurity.com/testimonials/ Product Videos: https://www.sevcosecurity.com/sevcoshorts/

This segment is sponsored by Sevco Security. Visit https://securityweekly.com/sevcoisw to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-378