Are you running SAP? The clock is ticking... Standard maintenance end-of-life is set for the end of 2027. Migration to S/4HANA must be completed by then (or 2030 if you buy into SAP’s special three-year reprieve). While that may appear to be enough time, companies currently working toward an S/4HANA transition are finding the journey challenging, and that's not including the security challenges.

Chris Carter, CEO at Approyo, joins Business Security Weekly to discuss your SAP options, including:

• ERP Strategy: Stay with SAP or migrate to other solutions?
• S/4HANA Architecture: All cloud or cloud/on-premise?
• Security Challenges: Cloud vs. on-premise
• SAP Migration: Recommendations for success

In the leadership and communications section, Where cybersecurity maturity meets confidence in C-suite and board leadership, Has CISO become the least desirable role in business?, How Radical Transparency Is Revolutionizing Leadership, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-404

AI meltdowns, Gigabyte, NCSC, Rowhammer, Gravity Form, Grok, AsyncRat, Josh Marpet and more on the Security Weekly News.

Visit https://www.securityweekly.com/swn for all the latest episodes!

Show Notes: https://securityweekly.com/swn-494

What are some appsec basics? There's no monolithic appsec role. Broadly speaking, appsec tends to branch into engineering or compliance paths, each with different areas of focus despite having shared vocabularies and the (hopefully!) shared goal of protecting software, data, and users.

The better question is, "What do you want to secure?"

We discuss the Cybersecurity Skills Framework put together by the OpenSSF and the Linux Foundation and how you might prepare for one of its job families. The important basics aren't about memorizing lists or technical details, but demonstrating experience in working with technologies, understanding how they can fail, and being able to express concerns, recommendations, and curiosity about their security properties.

Resources:

• https://cybersecurityframework.io
• https://owasp.org/www-project-cheat-sheets/
• https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/
• https://aflplus.plus/
• https://writings.stephenwolfram.com/2023/02/what-is-chatgpt-doing-and-why-does-it-work/

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-339

In the rush to score AI funding dollars, a lot of startups build a basic wrapper around existing generative AI services like those offered by OpenAI and Anthropic. As a result, these services are expensive, and don't satisfy many security operations teams' privacy requirements.

This is just the tip of the iceberg when discussing the challenges of using AI to aid the SOC. In this interview, we'll dive into the challenge of finding security vendors that care about security, the need for transparency in products, the evolving shared responsibility model, and other topics related to solving security operations challenges.

In the past few weeks, I've talked to several startup founders who are running into buyers that aren’t allowed to purchase their products, even though they want them and prefer them over the competition. Why? No AI and they’re not allowed to buy.

Finally, in the enterprise security news,

1. We cover the latest funding
2. The Trustwave saga comes to a positive end
3. Android 16 could help you evade law enforcement
4. Microsoft is kicking 3rd party AV out of the kernel
5. Giving AI some personality (and honesty)
6. Log4shell canaries reveal password weirdness
7. Denmark gives citizens copyright to their own faces to fight AI
8. McDonald’s has an AI whoopsie
9. Ingram Micro has a ransomware whoopsie
10. Drama in the trailer lock industry

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-415

Tapjacking, ZuChe, PerfektBlue, McHacking, OT in the IT, Add Ons, Josh Marpet, and More on this episode of the Security Weekly News.

Visit https://www.securityweekly.com/swn for all the latest episodes!

Show Notes: https://securityweekly.com/swn-493

This week in the security news:

• Citrixbleed 2 and so many failures
• Ruckus leads the way on how not to handle vulnerabilities
• When you have no egress
• Applocker bypass
• So you bought earbuds from TikTok
• More gadgets and the crazy radio
• Cheap drones and android apps
• Best Mario Kart controller ever
• VSCode: You're forked
• Bluetooth earbuds and vulnerabilities
• Do you remember Sound blaster cards?
• NFC passport chips
• Whack-a-disk

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-882

SEC settles with SolarWinds. We react!

In the leadership and communications section, The Skills and Habits Aspiring CEOs Need to Build, Why People Really Quit — And How Great Managers Make Them Want to Stay, The Small Actions That Become Your Legacy, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-403

Spying on your kids, Bank Robberies, Qantas, LOTL, sudo, Hunters, Aaran Leyland, and more on the Security Weekly News.

Visit https://www.securityweekly.com/swn for all the latest episodes!

Show Notes: https://securityweekly.com/swn-492