All Episodes
Displaying 81 - 100 of 137 in total
Episode 81: Identity-as-a-Service (IDaaS) and Cloud IAM
Identity-as-a-Service (IDaaS) provides centralized identity and access management capabilities from the cloud. In this episode, we explore the architecture and benefit...
Episode 82: Credential Management and Recovery
Managing credentials securely is critical to preventing unauthorized access and ensuring business continuity. This episode explores techniques for secure credential is...
Episode 83: Access Control Lists and Capability Tables
Access control mechanisms determine who can access what—and how. In this episode, we compare two classic models: Access Control Lists (ACLs) and capability tables. ACL...
Episode 84: Access Recertification and Review
Access permissions tend to accumulate over time, creating a significant security risk if not reviewed regularly. This episode focuses on access recertification—the pro...
Episode 85: Session Management and Timeout Policies
Controlling user sessions is a critical part of maintaining secure access. In this episode, we examine how session tokens are issued, maintained, and terminated—along ...
Episode 86: Threats to IAM: Replay, Pass-the-Hash, Credential Stuffing
Identity systems are high-value targets, and attackers use increasingly sophisticated techniques to exploit them. This episode examines key IAM-related attack vectors,...
Episode 87: Assessment Types: Vulnerability Scans, Pen Testing, Audits
Security assessments come in many forms—each with a specific purpose. In this episode, we compare and contrast vulnerability scanning, penetration testing, and formal ...
Episode 88: Planning a Security Assessment
Security assessments must be planned thoroughly to be effective, safe, and actionable. This episode walks through the planning phase of an assessment project, includin...
Episode 89: Security Control Testing: Manual vs. Automated
Security controls are only effective if they’re working as designed. In this episode, we explore how to test those controls using both manual and automated methods. We...
Episode 90: Code Review and Static/Dynamic Testing
Code is a frequent source of vulnerabilities, and reviewing it is essential for secure software development. In this episode, we discuss secure code review techniques—...
Episode 91: Security Test Data and Environment Management
Security testing requires careful control over both the test environment and the data used within it. In this episode, we explore how to create and manage dedicated te...
Episode 92: Test Coverage and Measurement
How do you know your security testing is thorough? In this episode, we examine test coverage metrics and how they help evaluate the effectiveness and completeness of a...
Episode 93: Risk Assessment and Gap Analysis
Risk assessments help prioritize security controls by identifying vulnerabilities, evaluating threats, and estimating potential impacts. In this episode, we break down...
Episode 94: Compliance Auditing and Evidence Collection
Audits provide assurance that an organization is following its security policies and regulatory obligations. In this episode, we explore how compliance audits are stru...
Episode 95: Log Analysis for Forensics and Compliance
Logs are a goldmine of insight—but only if you know how to analyze them effectively. This episode dives into log collection, normalization, and correlation to support ...
Episode 96: Threat Hunting and Red Team Exercises
Proactive threat hunting involves searching for signs of compromise that automated tools may miss. In this episode, we explain how threat hunters use hypothesis-driven...
Episode 97: Reporting Assessment Results Effectively
The value of a security assessment is only realized when the results are communicated clearly. In this episode, we discuss how to structure, write, and deliver effecti...
Episode 98: Metrics and KPIs for Security Performance
What gets measured gets managed—and security is no exception. This episode focuses on security metrics and key performance indicators (KPIs) that help organizations ev...
Episode 99: Continuous Monitoring and Feedback Loops
Security is not a one-time event—it’s a continuous process. In this episode, we explore how continuous monitoring helps organizations detect changes, uncover risks, an...
Episode 100: Assessing Third-Party and Vendor Risk
Vendors and service providers often have privileged access to your data and systems—making them a potential weak link. This episode focuses on third-party risk managem...