Security Weekly Podcast Network (Audio)

As the Verizon Data Breach Investigations Report has stated year after year, most breaches start with human error. We've invested a lot in Security Awareness and Training and Phishing solutions, but yet human error is still the top risk. How do we actually reduce human risk? Rinki Sethi, CSO at Upwind Security, and Nicole Jiang, CEO of Fable Security, share why human risk management is the next frontier for security—and how platforms like Fable Security deliver personalized nudges that help employees build safer habits and stay ahead of threats. Solving human risk starts by changing human behavior. Learn how advancements in Artificial Intelligence (AI) and the application of adtech principles (targeted, personalized, A/B-tested messages delivered when they’re most relevant) are delivering faster, more effective behavior change that lasts. Segment Resources: Five must-haves of modern human risk management: https://fablesecurity.com/ebook-five-must-haves/ Starter RFP for modern human risk management: https://fablesecurity.com/starter-rfp-for-modern-hrm/ This segment is sponsored by Fable Security. Visit https://securityweekly.com/fable to learn more about them! In the leadership and communications segment, Inside the CISO Mind: How Security Leaders Choose Solutions, 2026 Leadership Strategy: Mastering Agility and Anticipation for Better Decisions, The Most Human, Strategic, Sought-After Tool in Leadership, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-418

The Afterlife, AWS, ClickFix, Agentic AI Galore, Robot Lumberjacks, Robocalls, Aaran Leyland, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-522 This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

Ransomware attacks typically don't care about memory safety and dependency scanning, they often target old, unpatched vulns and too often they succeed. Rob Allen shares some of the biggest cases he's seen, what they have in common, and what appsec teams could do better to help them. Too much software still requires custom configuration to make it more secure. And too few software makers are embracing secure by default, let alone secure by design. In the news, passively monitoring geosynchronous satellite communications on the cheap, successful LLM poisoning of any size model with a single size dose, security engineering lessons from Signal's post-quantum crypto work, improving security for JavaScript in the browser, and more! This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-353

Segment 1: David Brauchler on AI attacks and stopping them David Brauchler says AI red teaming has proven that eliminating prompt injection is a lost cause. And many developers inadvertently introduce serious threat vectors into their applications – risks they must later eliminate before they become ingrained across application stacks. NCC Group’s AI security team has surveyed dozens of AI applications, exploited their most common risks, and discovered a set of practical architectural patterns and input validation strategies that completely mitigate natural language injection attacks. David's talk aimed at helping security pros and developers understand how to design/test complex agentic systems and how to model trust flows in agentic environments. He also provided information about what architectural decisions can mitigate prompt injection and other model manipulation risks, even when AI systems are exposed to untrusted sources of data. More about David's Black Hat talk: https://www.nccgroup.com/research-blog/when-guardrails-arent-enough-reinventing-agentic-ai-security-with-architectural-controls/ https://www.blackhat.com/us-25/briefings/schedule/#when-guardrails-arent-enough-reinventing-agentic-ai-security-with-architectural-controls-46112 https://i.blackhat.com/BH-USA-25/Presentations/USA-25-Brauchler-When-Guardrails-Arent-Enough.pdf Additional blogs by David about AI security: https://www.nccgroup.com/research-blog/analyzing-secure-ai-architectures/ https://www.nccgroup.com/research-blog/analyzing-secure-ai-design-principles/ https://www.nccgroup.com/research-blog/analyzing-ai-application-threat-models/ https://www.nccgroup.com/building-security-first-ai-applications-a-best-practices-guide-for-cisos/ https://www.nccgroup.com/building-trust-by-design-for-secure-ai-applications-tips-for-cisos/ https://www.nccgroup.com/ai-and-cyber-security-new-vulnerabilities-cisos-must-address/ Segment 2: Should we replace the CIA triad? An op-ed on CSO Online made us think - should we consider the CIA triad 'dead' and replace it? We discuss the value and longevity of security frameworks, as well as the author's proposed replacement. Segment 3: The Weekly Enterprise News Finally, in the enterprise security news, All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-429

Erotic Chats, UEFI, F5, Cisco, Doug Sings, Insiders, Lastpass, Sora, Aaran Leyland, and More on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-521

First up is a technical segment on UEFI shells: determining if they contain dangerous functionality that allows attackers to bypass Secure Boot. Then in the security news: Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-896

Still managing compliance in a spreadsheet? Don't have enough time or resources to verify your control or risk posture? And you wonder why you can't get the budget to move your compliance and risk programs forward. Maybe it's time for a different approach. Trevor Horwitz, Founder and CISO at TrustNet joins Business Security Weekly to discuss how the evolution of Agentic AI can automate compliance and risk programs. Move beyond spreadsheets and let the power of AI streamline your compliance and risk program. In the leadership and communications segment,Is the CISO chair becoming a revolving door?, When Integrity Collides with Bureaucracy: The Price of Leadership in Cybersecurity — and Why Walking Away Can Be the Bravest Act!, Improve Communication With Others By Talking Less — Not More, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-417

Bikers, Apple, Storm-657, Astaroth, EES, Salesforce, Aaran Leyland, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-520

Interest and participation in the OWASP GenAI Security Project has exploded over the last two years. Steve Wilson explains why it was important for the project to grow beyond just a Top Ten list and address more audiences than just developers. He also talks about how the growth of AI Agents influences the areas that appsec teams need to focus on. Whether apps are created by genAI or directly use genAI, the future of securing software is going to be busy. Resources https://genai.owasp.orghttps://genai.owasp.org/llm-top-10/https://a.co/d/6LZoXxQ This segment is sponsored by The OWASP GenAI Security Project. Visit https://securityweekly.com/owasp to learn more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-352

Segment 1 - Interview with Dr. Anand Singh We're always thrilled to have authors join us to discuss their new book releases, and this week, it is Dr. Anand Singh. He seriously hustled to get his new book, Data Security in the Age of AI, out as soon as possible so that it could help folks dealing with securing AI rollouts right now! We'll discuss why he wrote it, how he got it done so quickly, and who needs to read it. Segment Resources: Data Security in the Age of AI Segment 2 - Topic: The reasons why CISOs buy (and the things that don't matter to them) Val Tsanev, founder of ExecWeb, part of the CyberRisk Alliance family, posted shared some VERY spicy insights about how CISOs buy products. This elicited some passionate responses. There are many interesting insights, but the biggest and most interesting is that 76% of CISOs choose products that presents the least risk to them, personally. Career safety trumps product performance, it would seem. Segment 3 - News In the enterprise security news, All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-428

Ballistic Hot Dogs, Sonicwall, Clayrat, Twonet, Lockbit, Breachforums, Resumes, Discord, Aaran Leyland, and More on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-519

This week we kick things off with a special interview: Kieran Human from Threat Locker talks about EDR bypasses and other special projects. In the security news: This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-895

Global spending on cybersecurity products and services will see a strong 14.4% CAGR from 2024 through 2029 and will hit $302.5 billion in 2029, driven by continued concerns around cyberattacks across all verticals and geographies. But where is the spending occuring and how do you prepare? Merritt Maxim, VP & Research Director at Forrester, joins Business Security Weekly to discuss the Global Cybersecurity Market Forecast, 2024 To 2029 report. Merritt will discuss the findings, including: See Merritt's blog of the results at https://www.forrester.com/blogs/global-cybersecurity-spending-to-exceed-300b-by-2029/. In the leadership and communications segment, The problem with cybersecurity is not just hackers – it’s how we measure risk, What California’s new AI law means for CIOs (and CISOs), The Language of Leadership: How to Set Firm Boundaries Without Sounding Like a Jerk, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-416

Bad Crypto, Blood Thirsty Zombie CPUs, Y2K38, Park Mobile, Palo Alto, Redis, Red Hat, Deloitte, Aaran Leyland, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-518

Software has forever had flaws and humans have forever been finding and fixing them. With LLMs generating code, appsec has also been trying to determine how well LLMs can find flaws. Nico Waisman talks about XBOW's LLM-based pentesting, how it climbed a bug bounty leaderboard, how it uses feedback loops for better pentests, and how they handle (and even welcome!) hallucinations. In the news, using LLMs to find flaws, directory traversal in an MCP, another resource for learning cloud and AI security, spreadsheets and appsec, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-351

At Oktane 2025, leaders from across the security ecosystem shared how identity has become the new front line in protecting today’s AI-driven enterprises. As SaaS adoption accelerates and AI agents proliferate, organizations face an explosion of human and non-human identities—and with it, growing risks like misconfigured access, orphaned accounts, and identity-based attacks. In this special Enterprise Security Weekly episode, we bring together insights from top experts: From open standards to privileged access management and AI-powered defense, these Oktane 2025 conversations explore how identity-driven strategies are shaping the future of enterprise security. Segment Resources: https://www.okta.com/newsroom/articles/old-security-challenges--new-ai-risks--managing-authorization-in https://www.okta.com/newsroom/press-releases/okta-introduces-cross-app-access-to-help-secure-ai-agents-in-the/ https://www.okta.com/blog/ai/securing-the-ai-agent-ecosystem/ https://www.okta.com/customers/adyen/ https://www.okta.com/newsroom/?sort=featured&filters=okta%3Acategories%2Fidentity-security https://www.okta.com/customers/thoughtworks/ This segment is sponsored by Oktane by Okta. Visit https://securityweekly.com/oktane to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-427

Ratboi, Clop, Oracle, svgs, Impact Solutions, The Pentagon, Open AI, Josh Marpet, and More on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-517

In addition to some fun news, we get a Mary Ann Davidson as a surprise guest. We even get a great quote from her of "You're never going to have enough cybersecurity people to defend what was never built to be defensible.". Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-894

More than four out of ten (41%) Chief Information Officers (CIOs) report cybersecurity as their top concern, yet these same leaders are simultaneously increasing security budgets (77%), expanding cloud infrastructure (68%), and accelerating artificial intelligence (AI) capabilities (67%). According to the new Future Forward: CIO 2025 Outlook report released by Experis, a global leader in IT workforce solutions and part of the ManpowerGroup (NYSE: MAN) family of brands, modern technology leaders are walking a tightrope between protecting their organizations and driving innovation in an era of relentless cyber threats and rapid digital transformation. Amanda Jack, CTO at Manpower Group, joins Business Security Weekly to share the finding, including: Segment Resources: https://www.experis.com/en/cio-outlook In the leadership and communications segment, Is Your Board Too Collegial?, Cybersecurity, AI, and Economic Uncertainty: How Internal Audit Teams Are Managing 2025's Top Risks, Burnout in the corporate middle: when leadership becomes an issue, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-415

Attica, Crustacean Porn, Broadcom, William of Ockham, Jaguar, SVG, Aaran Leyland, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-516