Below the Surface (Video) - The Supply Chain Security Podcast podcast artwork

PODCAST · technology

Below the Surface (Video) - The Supply Chain Security Podcast

A lively discussion of the threats affecting supply chain, specifically focused on firmware and low-level code that is a blind spot for many organizations. This podcast will feature guests from the cybersecurity industry discussing the problems surrounding supply chain-related issues and potential solutions.

  1. 36

    Supply Chain Policies - Stewart Scott, Trey Herr - BTS #36

    Stewart and Trey join us to talk about driving cybersecurity policies for the nation, what makes a good policy, what makes a bad policy, supply chain research and policies, and overall how we shape policies that benefit cybersecurity. Segment Resources: https://www.atlanticcouncil.org/in-depth-research-reports/report/broken-trust-lessons-from-sunburst/ https://www.atlanticcouncil.org/in-depth-research-reports/report/open-source-software-as-infrastructure/ This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-36

  2. 35

    The Known Exploited Vulnerability catalogue, aka the KEV - Tod Beardsley - BTS #35

    Gain insights into the CISA KEV straight from one of the folks at CISA, Tod Beardsley. Learn how KEV was created, where the data comes from, and how you should use it in your environment. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Resource: https://cisa.gov/kev Show Notes: https://securityweekly.com/bts-35

  3. 34

    EPSS - The Exploit Prediction Scoring System - Jay Jacobs, Wade Baker - BTS #34

    Jay Jacobs Co-Founder and Data Scientist and Wade Baker Co-Founder; Data Storyteller from The Cyentia Institute come on the show to talk about The Exploit Prediction Scoring System (EPSS). This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-34

  4. 33

    Securing OT Environments - Dr. Ed Harris - BTS #33

    Ed Harris joins us to discuss how to secure OT environments, implement effective air gaps, and more! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-33

  5. 32

    Mitre ATT&CK - Adam Pennington - BTS #32

    We discuss the various aspects of Mitre Att&ck, including tools, techniques, supply chain aspects, and more! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-32

  6. 31

    Managing Complex Digital Supply Chains - Cassie Crossley - BTS #31

    Cassie has a long history of successfully managing a variety of security programs. Today, she leads supply chain efforts for a very large product company. We will tackle topics such as software supply chain management, SBOMs, third-party supply chain challenges, asset management, and more! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-31

  7. 30

    Systems Of Trust - Robert Martin - BTS #30

    Bob Martin comes on the show to discuss systems of trust, supply chain security and more! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-30

  8. 29

    Supply Chains, Firmware, And Patching - Jason Kikta - BTS #29

    Jason joins us to discuss the current enterprise landscape for defending against supply chain attacks, remediating firmware issues, and the current challenges with patch management. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-29

  9. 28

    5G Hackathons - Casey Ellis - BTS #28

    Casey recently was involved in an event that brought hackers and 5G technology together, tune-in to learn about the results and how we can use bug bounty programs to improve the security of "things". This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-28

  10. 27

    Governance, Compliance, and The Digital Supply Chain - Josh Marpet - BTS #27

    In this episode, we discuss digital supply chain governance and compliance, featuring Josh Marpet from Guarded Risk, hosted by Paul Asadoorian and Allan Alford. Specifically, we discuss: The importance of understanding and complying with regulations affecting digital supply chains, such as Executive Order 14028 and the NIST Cybersecurity Framework. The podcast highlighted the impact of EU regulations, like CRA, GDPR, and DORA, on global businesses, underscoring the shared responsibility model in data security. Vendors' duties in open-source security and software vulnerability management were discussed, with a call for automation in software inventory and security, including the use of SBOMs. The conversation included strategies for effective supply chain risk management, advising regular updates, and understanding the interconnectedness of vulnerabilities. International compliance, particularly with EU data security laws, presents operational challenges and necessitates robust cybersecurity measures. Proactive vendor communication and automated processes are crucial for managing cybersecurity threats efficiently. Continuous risk assessment is preferred over periodic checks, with an emphasis on a nuanced approach to cybersecurity risk management. (00:00) - Digital Supply Chain Governance Compliance (14:08) - EU Regulations on Data Security (21:38) - Responsibility of Vendors in Open Source (27:49) - Supply Chain Risk Management Program Advice (39:01) - Automating Software Inventory and Security This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more! Show Notes: https://securityweekly.com/bts-27

  11. 26

    What We Don't Know Will Hurt Us - Cheryl Biswas - BTS #26

    Cheryl is super passionate about supply chain security and visibility. Tune in to our discussion on how we can collectively get better at reducing the attack surface and working to fix the wide variety of digital supply chain issues we have today. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Segment Resources: https://files.scmagazine.com/wp-content/uploads/2024/03/AtlSecConMassIoT23.pdf https://files.scmagazine.com/wp-content/uploads/2024/03/Tactical-Edge-2021-Software-Supply-Chain.pdf https://files.scmagazine.com/wp-content/uploads/2024/03/Texas-Adversary-2021-Software-Supply-Chain.pdf Show Notes: https://securityweekly.com/bts-26

  12. 25

    Supply Chain Threats and Regulations - BTS #25

    Paul and Allan will talk a little bit about Allan's background and current work at Eclypsium. Next, we'll cover some of the recent news and topics we've been discussing on our blog including Firewall and VPN appliance security struggles, Shim Shady, Glubteba and other malware targeting UEFI, and some thoughts on recent regulations affecting supply chains such as the EU CRA. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-25

  13. 24

    Managing Supply Chain Risk - Saša Zdjelar - BTS #24

    Saša Zdjelar joins us on this episode to dive into how organizations can manage supply chain risk, including the current challenges we face and how best to deal with them. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-24

  14. 23

    Closing The Supply Chain Visibility Gap - Dr. Olga Livingston - BTS #23

    Short of ripping everything apart (hardware and software) and inspecting the components, which is very time-consuming, how do we solve the visibility gap in various supply chains? Dr. Olga Livingston from CISA joins us to discuss! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-23

  15. 22

    SBOMs and Supply Chains - Allan Friedman - BTS #22

    We sit down with the father of the SBOM, Allan Friedman, to discuss examples of where we really need SBOMs, how to operationalize SBOMs, and how to identify and deal with bad things that may be in your SBOM! CISA's resources on SBOM are at cisa.gov/SBOM and anyone can find out more or ask for a meeting at [email protected] This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-22

  16. 21

    Supply Chain Risk Management - David Vaughn - BTS #21

    We talk about Supply Chain Risk Management in the context of the cloud and US federal government with David Vaughn. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-21

  17. 20

    Network Device Supply Chains and Lateral Movement - Joe Hall - BTS #20

    In this episode, we have the privilege of sitting down with renowned security expert Joe Hall to discuss three critical facets of modern cybersecurity: network device security, supply chain threats, and lateral movement. Join us as Joe Hall shares his wealth of knowledge and experience, unraveling the complexities of network device security, the invisible gatekeepers of our digital lives. Discover the vulnerabilities that hackers exploit and the strategies to fortify your network defenses. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-20

  18. 19

    A Year in Review on Offensive Security, Defensive Landscapes, and Global Implications - Tyler Robinson - BTS #19

    In this episode, we delve into the dynamic world of supply chain security, recapping the significant developments of the past year. Join us as we explore the evolution of offensive security, defensive landscapes, and the key actors shaping the cybersecurity landscape. Our featured guest, Tyler Robinson, Founder and CEO of Dark Element, brings a wealth of expertise to the discussion. With a deep understanding of cybersecurity and a track record of innovation, Tyler provides valuable insights into what these trends mean for companies, supply chains, governments, and geopolitics. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-19

  19. 18

    Defending Against Supply Chain Attacks - Bri Rolston - BTS #18

    Bri has spent her career investigating and defending against critical infrastructure attacks. Hear her take on the current threat landscape, supply chain security, and more! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-18

  20. 17

    Protecting The Digital Supply Chain - Yuriy Bulygin - BTS #17

    Dr. Yuriy Bulygin is the CEO and founder of Eclypsium, the digital supply chain security company. Prior to Eclypsium, Yuriy was Chief Threat Researcher at Intel Corporation. He is also the creator of CHIPSEC, the popular open-source firmware and hardware supply chain security assessment framework When enterprises started using CHIPSEC to find vulnerabilities, discover compromised firmware, or just poke around hardware systems, Yuriy founded Eclypsium with Alex Bazhaniuk. Since then Eclypsium has been on a mission to protect devices from supply chain risks. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-17

  21. 16

    UEFI and The Digital Supply Chain - Dick Wilkins - BTS #16

    Learn about the evolution of UEFI, various aspects of supply chain security surrounding UEFI, and the interactions between links in the supply chain that ultimately end up delivering you a computer or server. Segment Resources: https://uefi.org/sites/default/files/resources/What%20is%20UEFI-Aug31-2023-Final.pdf This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-16

  22. 15

    Reverse Engineering BMCs and Other Firmware - Vladyslav Babkin - BTS #15

    Vlad is part of the Eclypsium research team and has discovered several flaws in BMC ecosystems. He comes on the show to talk about his journey and cover the details behind BMC vulnerabilities and attacks. Segment Resources: https://forum.defcon.org/node/245714 https://eclypsium.com/research/bmcc-lights-out-forever/ https://eclypsium.com/blog/supply-chain-vulnerabilities-put-server-ecosystem-at-risk/ Show Notes: https://securityweekly.com/bts-15

  23. 14

    Protecting The Federal Supply Chain - John Loucaides - BTS #14

    John Loucaides, SVP Strategy at Eclypsium, joins us on the show to discuss protecting the federal supply chain! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-14

  24. 13

    Network Device Supply Chain Security - Nate Warfield - BTS #13

    We dig into network devices/appliances, why they are still around, who is attacking them, and how. Just why are attackers using network devices in ransomware campaigns and how do we stop them? Tune-in to find out as Nate Warfield, Director of Threat Research and Intelligence at Eclypsium joins us for this episode! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-13

  25. 12

    Dealing with The Digital Supply Chain - Ramy Houssaini - BTS #12

    Ramy Houssaini joins us to discuss the challenges enterprises face when dealing with supply chain threats, risks and vulnerabilities. We'll explore how to identify cybersecurity gaps in your various supply chains, discuss real-world examples such as Log4j and more! Show Notes: https://securityweekly.com/bts-12 

  26. 11

    SCRM and Supply Chain Security Up and Down the Stack - Steve Orrin - BTS #11

    Supply Chain threats and industry / government initiatives like EO 14028 are driving a deeper understanding and a set of requirements for applying supply chain risk management (SCRM) and increased transparency (ex. SBOM) across the software ecosystem up and down the stack. Platform and system firmware present unique challenges for supply chain assurance from the depths of the stack.   Segment Resources: ESF: Securing the Software Supply Chain for Customers https://media.defense.gov/2022/Nov/17/2003116444/-1/-1/0/ESF_SECURING_THE_SOFTWARE_SUPPLY_CHAIN_CUSTOMER_SLICKSHEET.PDF https://media.defense.gov/2022/Nov/17/2003116445/-1/-1/0/ESF_SECURING_THE_SOFTWARE_SUPPLY_CHAIN_CUSTOMER.PDF ESF: Securing the Software Supply Chain for Suppliers https://media.defense.gov/2022/Oct/31/2003105572/-1/-1/0/ESF_SECURING_THE_SOFTWARE_SUPPLY_CHAIN_SUPPLIERS_SLICKSHEET.PDF https://media.defense.gov/2022/Oct/31/2003105368/-1/-1/0/SECURING_THE_SOFTWARE_SUPPLY_CHAIN_SUPPLIERS.PDF ESF: Securing the Software Supply Chain for Developers https://media.defense.gov/2022/Sep/01/2003068942/-1/-1/0/ESF_ SECURING_THE_SOFTWARE_SUPPLY_CHAIN_DEVELOPERS.PDF CISA SBOM Site https://www.cisa.gov/sbom   Show Notes: https://securityweekly.com/bts-11 

  27. 10

    Learning About Firmware Security - Xeno Kovah - BTS #10

    Firmware security is a deeply technical topic, that's hard to get started in. In this talk, Xeno will discuss some past work in firmware security, and how he has organized resources such as a low level timeline (with over 300 talks), and free MOOC classes, to help teach people about firmware security. Segment Resources: https://ost2.fyi https://darkmentor.com/timeline.html   Show Notes: https://securityweekly.com/bts10 

  28. 9

    Accidentally Learning about Security: From Firmware to the Cloud - Brian Richardson - BTS #9

    Brian Richardson didn't start out wanting to do marketing or computer security... but after starting his career as a BIOS programmer, he tripped and fell into technical marketing (aka "Binary to English translator"). Brian's here to talk about the importance of hardware & firmware security in a SaaS world. Segment Resources: https://www.youtube.com/watch?v=I2FwiEH6dg4 https://www.youtube.com/watch?v=i9PrWw4ljeg https://medium.com/intel-tech/security-built-on-a-foundation-of-trust-1fa1dbb74cbc https://archive.fosdem.org/2020/schedule/event/firmware_culisfu/   Show Notes: https://securityweekly.com/bts9 

  29. 8

    Introducing fwupd and the Linux Vendor Firmware Service - Richard Hughes - BTS #8

    The LVFS is a project used by over 130 different vendors, from all positions of the supply chain. It decompresses, decompiles, then analyses firmware looking for issues, and then automatically builds a SBoM for each download.   Segment Resources: https://fwupd.org/ https://github.com/fwupd   Show Notes: https://securityweekly.com/bts8 

  30. 7

    Firmware Pulse - What is Happening Right Now - Nicholas Starke - BTS #7

    Discuss current events in firmware security, such as the techniques utilized in BlackLotus. We will compare Baton Drop with Grub2 capabilities.   Segment Resources: https://starkeblog.com/   Show Notes: https://securityweekly.com/bts7

  31. 6

    Armoring the Unified Extensible Firmware Interface (UEFI), from Standards to Open Source - Vincent Zimmer - BTS #6

    This session will provide an overview of the history of host firmware, or BIOS, focusing on the arc of the Unified Extensible Firmware Interface. It will include the development of defenses like UEFI Secure Boot and the challenges in scaling assurance across a broad ecosystem. It will close on works-in-progress and opportunities to build upon the school-of-hard-knocks learnings in this space.   Show Notes: https://securityweekly.com/bts6

  32. 5

    Community Insights: Supply Chain Threats, Critical Firmware Attacks, and more! - BTS #5

    In this edition of Below The Surface, we discuss insights Scott collected from various members of our community. Topics include supply chain threats, critical firmware attacks, and more! We also welcome special guest Tyler Robinson! View the full report here: https://eclypsium.com/2022/12/13/december-firmware-threat-report/   This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!   Show Notes: https://securityweekly.com/bts5

  33. 4

    Supply Chain Threats, Vulnerable Drivers, OpenSSL Vulnerabilities, and more! - BTS #4

    Paul and Scott talk about supply chain threats, vulnerable drivers, leaked source code and keys, and cover what we know about the OpenSSL 3.x vulnerability.   This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!   Show Notes: https://securityweekly.com/bts4

  34. 3

    Inevitable Attacks, UEFI Vulnerabilities, and more! - BTS #3

    This month Scott and Paul discuss the inevitability of attacks against certain sectors, UEFI vulnerabilities galore and so much more! Get the full report here: https://eclypsium.com/2022/10/03/september-firmware-threat-report/    This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!    Show Notes: https://securityweekly.com/bts3

  35. 2

    Root of Trust (RoT) - BTS #2

    Paul and Scott break down the Root of Trust (RoT) and other highlights from the August 2022 Below The Surface Threat Report: https://eclypsium.com/2022/08/31/august-firmware-threat-report/   This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!   Show Notes: https://securityweekly.com/bts2

  36. 1

    Firmware & Supply Chain Security - BTS #1

    Paul Asadoorian and Scott Scheferman sit down to discuss this month's firmware and supply chain threat report. We cover some of the history and latest developments regarding Secure Boot security research, the threats we face securing the firmware supply chain, and some insights into threat actors targeting firmware. View the full report here: https://eclypsium.com/2022/07/27/july-firmware-threat-report/   This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!   Show Notes: https://securityweekly.com/bts1

Type above to search every episode's transcript for a word or phrase. Matches are scoped to this podcast.

Searching…

We're indexing this podcast's transcripts for the first time — this can take a minute or two. We'll show results as soon as they're ready.

No matches for "" in this podcast's transcripts.

Showing of matches

No topics indexed yet for this podcast.

Loading reviews...

ABOUT THIS SHOW

A lively discussion of the threats affecting supply chain, specifically focused on firmware and low-level code that is a blind spot for many organizations. This podcast will feature guests from the cybersecurity industry discussing the problems surrounding supply chain-related issues and potential solutions.

HOSTED BY

Security Weekly Productions

CATEGORIES

Frequently Asked Questions

How many episodes does Below the Surface (Video) - The Supply Chain Security Podcast have?

Below the Surface (Video) - The Supply Chain Security Podcast currently has 36 episodes available on PodParley. New episodes are automatically indexed when they're published to the podcast feed.

What is Below the Surface (Video) - The Supply Chain Security Podcast about?

A lively discussion of the threats affecting supply chain, specifically focused on firmware and low-level code that is a blind spot for many organizations. This podcast will feature guests from the cybersecurity industry discussing the problems surrounding supply chain-related issues and potential...

How often does Below the Surface (Video) - The Supply Chain Security Podcast release new episodes?

Below the Surface (Video) - The Supply Chain Security Podcast has 36 episodes. Check the episode list to see recent publication dates and frequency.

Where can I listen to Below the Surface (Video) - The Supply Chain Security Podcast?

You can listen to Below the Surface (Video) - The Supply Chain Security Podcast on PodParley by clicking any episode. We provide an embedded audio player for direct listening, and you can also subscribe via your preferred podcast app using the RSS feed.

Who hosts Below the Surface (Video) - The Supply Chain Security Podcast?

Below the Surface (Video) - The Supply Chain Security Podcast is created and hosted by Security Weekly Productions.
URL copied to clipboard!