Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On this episode of Masters of Data, Adam sits down with Zoe Hawkins and David Girvin to talk AppSec programs that don't suck. David's hot take from his 1Password and Red Canary days? AppSec is a people problem, not a tooling problem—stop being the person devs dodge at standup. We cover the essentials: build relationships first, threat model based on actual business risk (not your anxiety), and ditch the "shift left" obsession with scanning everything. Instead, start with offensive testing that finds vulnerabilities attackers can actually exploit.

Reusing passwords across multiple accounts sets you up for failure. That’s why we make creating and storing strong, unique passwords simple.

The quickest way to lose your WhatsApp? Sending someone a code you thought was “no big deal.” If it shows up on your phone, it’s meant for your account, no matter who asks. Protect it like your group chats depend on it (because they do).

Learn how to understand, combat, and even create synthetic media in this essential deepfake training session with Perry Carpenter, KnowBe4's Chief Human Risk Management Strategist. Deepfakes and synthetic media are no longer futuristic threats—they are here now, and organizations are already experiencing deepfake-related attacks. A May 2024 study showed that 25.9% of organizations have experienced deepfake-related attacks, with other indicators suggesting the number may be closer to 90%. It is high time to prepare people to deal with this evolving threat.

Phishing remains one of the most common ways attackers try to breach enterprise environments. Traditional tools often detect these attempts too late, giving attackers time to gain a foothold. In this demo, you’ll see how the Cato SASE Cloud Platform stops phishing attempts in real time. Cato inspects every click, evaluates threats instantly, and blocks malicious sites before they load, without slowing users down.

How do you find React2Shell vulnerabilities or detect React2Shell attacks in real environments? In this video, Corelight cloud security researcher David Burkett walks through how to threat hunt React2Shell by focusing on post-exploitation behavior at the network level. Instead of relying on exploit signatures, the approach uses application baselining and network traffic analysis to identify abnormal behavior.

“It is also a common trap of giving inexperienced customers a false sense of security…”~Navigating Supply Chain Cyber Risk TPRM processes today are filled with thousands of pages of questionnaires, assessments, and more, but does that status quo really help secure your vendor ecosystem? Join Aleksandr Yampolskiy (CEO & Co-Founder, SecurityScorecard) and Alex Golbin (Co-Author, Navigating Supply Chain Cyber Risk) as they chat about.

We’ve redesigned the miniOrange SAML SSO + SCIM Provisioning app for Bitbucket with a new bundled interface to make authentication and user provisioning simpler, faster, and more efficient. This video is your step-by-step guide to understanding what’s new, where to find your settings, and how to make the most of the updated dashboard. What You’ll Learn Unified Dashboard Navigation – Manage SAML SSO and SCIM provisioning from one central place.

The clip explores how hidden stress builds inside teams, with some people masking pressure until it erupts like a volcano. Trusting intuitive colleagues to share what is really happening gives leaders a clearer view of rising tension, before everyone ends up running from the emotional blast.